diff --git a/.github/.cSpellWords.txt b/.github/.cSpellWords.txt index d100fcd49..3582741e3 100644 --- a/.github/.cSpellWords.txt +++ b/.github/.cSpellWords.txt @@ -106,6 +106,7 @@ CLKSOURCE CLKSTA CLRB CLRF +clrm CLRPSW CMCNT CMCON @@ -678,6 +679,7 @@ pylint pytest pyyaml RAMPZ +randomisation RASR Rationalised Raynald diff --git a/portable/ARMv8M/non_secure/port.c b/portable/ARMv8M/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/ARMv8M/non_secure/port.c +++ b/portable/ARMv8M/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c index f7d3bb181..47a16852d 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c @@ -100,6 +100,14 @@ " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -132,6 +140,15 @@ " ldr r3, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r3] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r3} \n" /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ @@ -280,7 +297,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " \n" " save_general_regs: \n" " mrs r3, psp \n" - " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " add r3, r3, #0x20 \n" /* Move r3 to location where s0 is saved. */ " tst lr, #0x10 \n" @@ -290,7 +306,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r2!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r3, r3, #0x20 \n" /* Set r3 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r2!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r3, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r2!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -300,6 +315,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r4, psplim \n" /* r4 = PSPLIM. */ " mrs r5, control \n" /* r5 = CONTROL. */ " stmia r2!, {r0, r3-r5, lr} \n" /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_1 \n" + " mrs r5, PAC_KEY_P_2 \n" + " mrs r6, PAC_KEY_P_3 \n" + " stmia r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " str r2, [r1] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -358,6 +381,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -401,82 +432,99 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att { __asm volatile ( - " .syntax unified \n" - " .extern SecureContext_SaveContext \n" - " .extern SecureContext_LoadContext \n" - " \n" - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ - " mrs r2, psp \n" /* Read PSP in r2. */ - " \n" - " cbz r0, save_ns_context \n" /* No secure context to save. */ - " push {r0-r2, r14} \n" - " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r0-r3} \n" /* LR is now in r3. */ - " mov lr, r3 \n" /* LR = r3. */ - " lsls r1, r3, #25 \n" /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl save_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " \n" - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " b select_next_task \n" - " \n" - " save_ns_context: \n" + " .syntax unified \n" + " .extern SecureContext_SaveContext \n" + " .extern SecureContext_LoadContext \n" + " \n" + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ + " mrs r2, psp \n" /* Read PSP in r2. */ + " \n" + " cbz r0, save_ns_context \n" /* No secure context to save. */ + " save_s_context: \n" + " push {r0-r2, lr} \n" + " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r0-r2, lr} \n" + " \n" + " save_ns_context: \n" + " mov r3, lr \n" /* r3 = LR (EXC_RETURN). */ + " lsls r3, r3, #25 \n" /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi save_special_regs \n" /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + " \n" + " save_general_regs: \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ - " it eq \n" - " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ + " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ + " it eq \n" + " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " str r2, [r1] \n" /* Save the new top of stack in TCB. */ - " \n" - " select_next_task: \n" - " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ - " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ - " dsb \n" - " isb \n" - " bl vTaskSwitchContext \n" - " mov r0, #0 \n" /* r0 = 0. */ - " msr basepri, r0 \n" /* Enable interrupts. */ - " \n" - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - " \n" - " ldmia r2!, {r0, r1, r4} \n" /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - " msr psplim, r1 \n" /* Restore the PSPLIM register value for the task. */ - " mov lr, r4 \n" /* LR = r4. */ - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " str r0, [r3] \n" /* Restore the task's xSecureContext. */ - " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " push {r2, r4} \n" - " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r2, r4} \n" - " mov lr, r4 \n" /* LR = r4. */ - " lsls r1, r4, #25 \n" /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl restore_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" - " \n" - " restore_ns_context: \n" - " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ + " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ + " \n" + " save_special_regs: \n" + " mrs r3, psplim \n" /* r3 = PSPLIM. */ + " stmdb r2!, {r0, r3, lr} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_1 \n" + " mrs r6, PAC_KEY_P_0 \n" + " stmdb r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " \n" + " str r2, [r1] \n" /* Save the new top of stack in TCB. */ + " \n" + " select_next_task: \n" + " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ + " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ + " dsb \n" + " isb \n" + " bl vTaskSwitchContext \n" + " mov r0, #0 \n" /* r0 = 0. */ + " msr basepri, r0 \n" /* Enable interrupts. */ + " \n" + " restore_context: \n" + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ + " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ + " \n" + " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r2!, {r3-r6} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_1, r5 \n" + " msr PAC_KEY_P_0, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " ldmia r2!, {r0, r3, lr} \n" /* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + " msr psplim, r3 \n" /* Restore the PSPLIM register value for the task. */ + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " str r0, [r3] \n" /* Restore the task's xSecureContext. */ + " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ + " \n" + " restore_s_context: \n" + " push {r1-r3, lr} \n" + " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r1-r3, lr} \n" + " \n" + " restore_ns_context: \n" + " mov r0, lr \n" /* r0 = LR (EXC_RETURN). */ + " lsls r0, r0, #25 \n" /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi restore_context_done \n" /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + " \n" + " restore_general_regs: \n" + " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ " it eq \n" " vldmiaeq r2!, {s16-s31} \n" /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" + " \n" + " restore_context_done: \n" + " msr psp, r2 \n" /* Remember the new top of stack for the task. */ + " bx lr \n" ::"i" ( configMAX_SYSCALL_INTERRUPT_PRIORITY ) ); } diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c index 7cdff7005..0b31a9969 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c @@ -100,6 +100,14 @@ " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -130,6 +138,15 @@ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ @@ -270,7 +287,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r1!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r2, r2, #0x20 \n" /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r1!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r2, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r1!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -279,6 +295,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r3, psplim \n" /* r3 = PSPLIM. */ " mrs r4, control \n" /* r4 = CONTROL. */ " stmia r1!, {r2-r4, lr} \n" /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r2, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_3 \n" + " stmia r1!, {r2-r5} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " str r1, [r0] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -337,6 +361,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -381,6 +413,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ " stmdb r0!, {r2-r11} \n" /* Store on the stack - PSPLIM, LR and registers that are not automatically saved. */ " \n" + #if ( configENABLE_PAC == 1 ) + " mrs r1, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r2, PAC_KEY_P_2 \n" + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_0 \n" + " stmdb r0!, {r1-r4} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldr r2, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " str r0, [r1] \n" /* Save the new top of stack in TCB. */ @@ -397,6 +438,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r2-r5} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r3 \n" + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_0, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + " \n" " ldmia r0!, {r2-r11} \n" /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s index c77fd3940..8d5988819 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s @@ -152,6 +152,14 @@ vRestoreContextOfFirstTask: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -177,6 +185,15 @@ vRestoreContextOfFirstTask: ldr r3, [r2] /* Read pxCurrentTCB. */ ldr r0, [r3] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r3} /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ @@ -271,7 +288,16 @@ PendSV_Handler: mrs r4, psplim /* r4 = PSPLIM. */ mrs r5, control /* r5 = CONTROL. */ stmia r2!, {r0, r3-r5, lr} /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ - str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_1 + mrs r5, PAC_KEY_P_2 + mrs r6, PAC_KEY_P_3 + stmia r2!, {r3-r6} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -329,6 +355,14 @@ PendSV_Handler: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -374,31 +408,37 @@ PendSV_Handler: mrs r2, psp /* Read PSP in r2. */ cbz r0, save_ns_context /* No secure context to save. */ - push {r0-r2, r14} - bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r0-r3} /* LR is now in r3. */ - mov lr, r3 /* LR = r3. */ - lsls r1, r3, #25 /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl save_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - b select_next_task + save_s_context: + push {r0-r2, lr} + bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + pop {r0-r2, lr} save_ns_context: + mov r3, lr /* r3 = LR. */ + lsls r3, r3, #25 /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi save_special_regs /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + + save_general_regs: #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vstmdbeq r2!, {s16-s31} /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ stmdb r2!, {r4-r11} /* Store the registers that are not saved automatically. */ - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - str r2, [r1] /* Save the new top of stack in TCB. */ + + save_special_regs: + mrs r3, psplim /* r3 = PSPLIM. */ + stmdb r2!, {r0, r3, lr} /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_1 + mrs r6, PAC_KEY_P_0 + stmdb r2!, {r3-r6} /* Store the task's dedicated PAC key on the stack. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the new top of stack in TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -409,34 +449,45 @@ PendSV_Handler: mov r0, #0 /* r0 = 0. */ msr basepri, r0 /* Enable interrupts. */ + restore_context: ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r3] /* Read pxCurrentTCB. */ ldr r2, [r1] /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - ldmia r2!, {r0, r1, r4} /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - msr psplim, r1 /* Restore the PSPLIM register value for the task. */ - mov lr, r4 /* LR = r4. */ + restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmia r2!, {r3-r6} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_1, r5 + msr PAC_KEY_P_0, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + ldmia r2!, {r0, r3, lr} http://files.iar.com/ftp/pub/box/bxarm-9.60.3.deb/* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + msr psplim, r3 /* Restore the PSPLIM register value for the task. */ ldr r3, =xSecureContext /* Read the location of xSecureContext i.e. &( xSecureContext ). */ str r0, [r3] /* Restore the task's xSecureContext. */ cbz r0, restore_ns_context /* If there is no secure context for the task, restore the non-secure context. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - push {r2, r4} + + restore_s_context: + push {r1-r3, lr} bl SecureContext_LoadContext /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r2, r4} - mov lr, r4 /* LR = r4. */ - lsls r1, r4, #25 /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl restore_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - msr psp, r2 /* Remember the new top of stack for the task. */ - bx lr + pop {r1-r3, lr} restore_ns_context: + mov r0, lr /* r0 = LR (EXC_RETURN). */ + lsls r0, r0, #25 /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi restore_context_done /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + + restore_general_regs: ldmia r2!, {r4-r11} /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vldmiaeq r2!, {s16-s31} /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ + + restore_context_done: msr psp, r2 /* Remember the new top of stack for the task. */ bx lr diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s index 9d6c6a7ef..ba6e8e915 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s @@ -142,6 +142,14 @@ vRestoreContextOfFirstTask: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -165,6 +173,15 @@ vRestoreContextOfFirstTask: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ @@ -233,7 +250,6 @@ PendSV_Handler: vstmiaeq r1!, {s0-s16} /* Store hardware saved FP context. */ sub r2, r2, #0x20 /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - stmia r1!, {r4-r11} /* Store r4-r11. */ ldmia r2, {r4-r11} /* Copy the hardware saved context into r4-r11. */ stmia r1!, {r4-r11} /* Store the hardware saved context. */ @@ -242,6 +258,15 @@ PendSV_Handler: mrs r3, psplim /* r3 = PSPLIM. */ mrs r4, control /* r4 = CONTROL. */ stmia r1!, {r2-r4, lr} /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + mrs r2, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_3 + stmia r1!, {r2-r5} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + str r1, [r0] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: @@ -300,6 +325,14 @@ PendSV_Handler: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -335,6 +368,15 @@ PendSV_Handler: mov r3, lr /* r3 = LR/EXC_RETURN. */ stmdb r0!, {r2-r11} /* Store on the stack - PSPLIM, LR and registers that are not automatically. */ +#if ( configENABLE_PAC == 1 ) + mrs r1, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r2, PAC_KEY_P_2 + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_0 + stmdb r0!, {r1-r4} /* Store the task's dedicated PAC key on the stack. */ + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldr r2, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r2] /* Read pxCurrentTCB. */ str r0, [r1] /* Save the new top of stack in TCB. */ @@ -351,6 +393,15 @@ PendSV_Handler: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r2-r5} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r3 + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_0, r5 + clrm {r2-r5} /* Clear r2-r5. */ +#endif /* configENABLE_PAC */ + ldmia r0!, {r2-r11} /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/ARMv8M/non_secure/portmacrocommon.h b/portable/ARMv8M/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/ARMv8M/non_secure/portmacrocommon.h +++ b/portable/ARMv8M/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM23/non_secure/port.c b/portable/GCC/ARM_CM23/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/GCC/ARM_CM23/non_secure/port.c +++ b/portable/GCC/ARM_CM23/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/port.c b/portable/GCC/ARM_CM23_NTZ/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM33/non_secure/port.c b/portable/GCC/ARM_CM33/non_secure/port.c index aa9c23816..6a069bcd4 100644 --- a/portable/GCC/ARM_CM33/non_secure/port.c +++ b/portable/GCC/ARM_CM33/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM33/non_secure/portasm.c b/portable/GCC/ARM_CM33/non_secure/portasm.c index f7d3bb181..47a16852d 100644 --- a/portable/GCC/ARM_CM33/non_secure/portasm.c +++ b/portable/GCC/ARM_CM33/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -132,6 +140,15 @@ " ldr r3, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r3] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r3} \n" /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ @@ -280,7 +297,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " \n" " save_general_regs: \n" " mrs r3, psp \n" - " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " add r3, r3, #0x20 \n" /* Move r3 to location where s0 is saved. */ " tst lr, #0x10 \n" @@ -290,7 +306,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r2!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r3, r3, #0x20 \n" /* Set r3 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r2!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r3, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r2!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -300,6 +315,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r4, psplim \n" /* r4 = PSPLIM. */ " mrs r5, control \n" /* r5 = CONTROL. */ " stmia r2!, {r0, r3-r5, lr} \n" /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_1 \n" + " mrs r5, PAC_KEY_P_2 \n" + " mrs r6, PAC_KEY_P_3 \n" + " stmia r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " str r2, [r1] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -358,6 +381,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -401,82 +432,99 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att { __asm volatile ( - " .syntax unified \n" - " .extern SecureContext_SaveContext \n" - " .extern SecureContext_LoadContext \n" - " \n" - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ - " mrs r2, psp \n" /* Read PSP in r2. */ - " \n" - " cbz r0, save_ns_context \n" /* No secure context to save. */ - " push {r0-r2, r14} \n" - " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r0-r3} \n" /* LR is now in r3. */ - " mov lr, r3 \n" /* LR = r3. */ - " lsls r1, r3, #25 \n" /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl save_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " \n" - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " b select_next_task \n" - " \n" - " save_ns_context: \n" + " .syntax unified \n" + " .extern SecureContext_SaveContext \n" + " .extern SecureContext_LoadContext \n" + " \n" + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ + " mrs r2, psp \n" /* Read PSP in r2. */ + " \n" + " cbz r0, save_ns_context \n" /* No secure context to save. */ + " save_s_context: \n" + " push {r0-r2, lr} \n" + " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r0-r2, lr} \n" + " \n" + " save_ns_context: \n" + " mov r3, lr \n" /* r3 = LR (EXC_RETURN). */ + " lsls r3, r3, #25 \n" /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi save_special_regs \n" /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + " \n" + " save_general_regs: \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ - " it eq \n" - " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ + " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ + " it eq \n" + " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " str r2, [r1] \n" /* Save the new top of stack in TCB. */ - " \n" - " select_next_task: \n" - " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ - " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ - " dsb \n" - " isb \n" - " bl vTaskSwitchContext \n" - " mov r0, #0 \n" /* r0 = 0. */ - " msr basepri, r0 \n" /* Enable interrupts. */ - " \n" - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - " \n" - " ldmia r2!, {r0, r1, r4} \n" /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - " msr psplim, r1 \n" /* Restore the PSPLIM register value for the task. */ - " mov lr, r4 \n" /* LR = r4. */ - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " str r0, [r3] \n" /* Restore the task's xSecureContext. */ - " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " push {r2, r4} \n" - " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r2, r4} \n" - " mov lr, r4 \n" /* LR = r4. */ - " lsls r1, r4, #25 \n" /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl restore_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" - " \n" - " restore_ns_context: \n" - " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ + " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ + " \n" + " save_special_regs: \n" + " mrs r3, psplim \n" /* r3 = PSPLIM. */ + " stmdb r2!, {r0, r3, lr} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_1 \n" + " mrs r6, PAC_KEY_P_0 \n" + " stmdb r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " \n" + " str r2, [r1] \n" /* Save the new top of stack in TCB. */ + " \n" + " select_next_task: \n" + " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ + " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ + " dsb \n" + " isb \n" + " bl vTaskSwitchContext \n" + " mov r0, #0 \n" /* r0 = 0. */ + " msr basepri, r0 \n" /* Enable interrupts. */ + " \n" + " restore_context: \n" + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ + " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ + " \n" + " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r2!, {r3-r6} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_1, r5 \n" + " msr PAC_KEY_P_0, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " ldmia r2!, {r0, r3, lr} \n" /* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + " msr psplim, r3 \n" /* Restore the PSPLIM register value for the task. */ + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " str r0, [r3] \n" /* Restore the task's xSecureContext. */ + " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ + " \n" + " restore_s_context: \n" + " push {r1-r3, lr} \n" + " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r1-r3, lr} \n" + " \n" + " restore_ns_context: \n" + " mov r0, lr \n" /* r0 = LR (EXC_RETURN). */ + " lsls r0, r0, #25 \n" /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi restore_context_done \n" /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + " \n" + " restore_general_regs: \n" + " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ " it eq \n" " vldmiaeq r2!, {s16-s31} \n" /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" + " \n" + " restore_context_done: \n" + " msr psp, r2 \n" /* Remember the new top of stack for the task. */ + " bx lr \n" ::"i" ( configMAX_SYSCALL_INTERRUPT_PRIORITY ) ); } diff --git a/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/port.c b/portable/GCC/ARM_CM33_NTZ/non_secure/port.c index aa9c23816..6a069bcd4 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c index 7cdff7005..0b31a9969 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -130,6 +138,15 @@ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ @@ -270,7 +287,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r1!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r2, r2, #0x20 \n" /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r1!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r2, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r1!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -279,6 +295,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r3, psplim \n" /* r3 = PSPLIM. */ " mrs r4, control \n" /* r4 = CONTROL. */ " stmia r1!, {r2-r4, lr} \n" /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r2, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_3 \n" + " stmia r1!, {r2-r5} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " str r1, [r0] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -337,6 +361,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -381,6 +413,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ " stmdb r0!, {r2-r11} \n" /* Store on the stack - PSPLIM, LR and registers that are not automatically saved. */ " \n" + #if ( configENABLE_PAC == 1 ) + " mrs r1, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r2, PAC_KEY_P_2 \n" + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_0 \n" + " stmdb r0!, {r1-r4} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldr r2, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " str r0, [r1] \n" /* Save the new top of stack in TCB. */ @@ -397,6 +438,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r2-r5} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r3 \n" + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_0, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + " \n" " ldmia r0!, {r2-r11} \n" /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM35P/non_secure/port.c b/portable/GCC/ARM_CM35P/non_secure/port.c index aa9c23816..6a069bcd4 100644 --- a/portable/GCC/ARM_CM35P/non_secure/port.c +++ b/portable/GCC/ARM_CM35P/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM35P/non_secure/portasm.c b/portable/GCC/ARM_CM35P/non_secure/portasm.c index f7d3bb181..47a16852d 100644 --- a/portable/GCC/ARM_CM35P/non_secure/portasm.c +++ b/portable/GCC/ARM_CM35P/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -132,6 +140,15 @@ " ldr r3, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r3] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r3} \n" /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ @@ -280,7 +297,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " \n" " save_general_regs: \n" " mrs r3, psp \n" - " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " add r3, r3, #0x20 \n" /* Move r3 to location where s0 is saved. */ " tst lr, #0x10 \n" @@ -290,7 +306,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r2!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r3, r3, #0x20 \n" /* Set r3 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r2!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r3, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r2!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -300,6 +315,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r4, psplim \n" /* r4 = PSPLIM. */ " mrs r5, control \n" /* r5 = CONTROL. */ " stmia r2!, {r0, r3-r5, lr} \n" /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_1 \n" + " mrs r5, PAC_KEY_P_2 \n" + " mrs r6, PAC_KEY_P_3 \n" + " stmia r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " str r2, [r1] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -358,6 +381,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -401,82 +432,99 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att { __asm volatile ( - " .syntax unified \n" - " .extern SecureContext_SaveContext \n" - " .extern SecureContext_LoadContext \n" - " \n" - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ - " mrs r2, psp \n" /* Read PSP in r2. */ - " \n" - " cbz r0, save_ns_context \n" /* No secure context to save. */ - " push {r0-r2, r14} \n" - " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r0-r3} \n" /* LR is now in r3. */ - " mov lr, r3 \n" /* LR = r3. */ - " lsls r1, r3, #25 \n" /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl save_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " \n" - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " b select_next_task \n" - " \n" - " save_ns_context: \n" + " .syntax unified \n" + " .extern SecureContext_SaveContext \n" + " .extern SecureContext_LoadContext \n" + " \n" + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ + " mrs r2, psp \n" /* Read PSP in r2. */ + " \n" + " cbz r0, save_ns_context \n" /* No secure context to save. */ + " save_s_context: \n" + " push {r0-r2, lr} \n" + " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r0-r2, lr} \n" + " \n" + " save_ns_context: \n" + " mov r3, lr \n" /* r3 = LR (EXC_RETURN). */ + " lsls r3, r3, #25 \n" /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi save_special_regs \n" /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + " \n" + " save_general_regs: \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ - " it eq \n" - " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ + " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ + " it eq \n" + " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " str r2, [r1] \n" /* Save the new top of stack in TCB. */ - " \n" - " select_next_task: \n" - " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ - " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ - " dsb \n" - " isb \n" - " bl vTaskSwitchContext \n" - " mov r0, #0 \n" /* r0 = 0. */ - " msr basepri, r0 \n" /* Enable interrupts. */ - " \n" - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - " \n" - " ldmia r2!, {r0, r1, r4} \n" /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - " msr psplim, r1 \n" /* Restore the PSPLIM register value for the task. */ - " mov lr, r4 \n" /* LR = r4. */ - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " str r0, [r3] \n" /* Restore the task's xSecureContext. */ - " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " push {r2, r4} \n" - " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r2, r4} \n" - " mov lr, r4 \n" /* LR = r4. */ - " lsls r1, r4, #25 \n" /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl restore_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" - " \n" - " restore_ns_context: \n" - " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ + " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ + " \n" + " save_special_regs: \n" + " mrs r3, psplim \n" /* r3 = PSPLIM. */ + " stmdb r2!, {r0, r3, lr} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_1 \n" + " mrs r6, PAC_KEY_P_0 \n" + " stmdb r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " \n" + " str r2, [r1] \n" /* Save the new top of stack in TCB. */ + " \n" + " select_next_task: \n" + " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ + " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ + " dsb \n" + " isb \n" + " bl vTaskSwitchContext \n" + " mov r0, #0 \n" /* r0 = 0. */ + " msr basepri, r0 \n" /* Enable interrupts. */ + " \n" + " restore_context: \n" + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ + " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ + " \n" + " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r2!, {r3-r6} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_1, r5 \n" + " msr PAC_KEY_P_0, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " ldmia r2!, {r0, r3, lr} \n" /* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + " msr psplim, r3 \n" /* Restore the PSPLIM register value for the task. */ + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " str r0, [r3] \n" /* Restore the task's xSecureContext. */ + " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ + " \n" + " restore_s_context: \n" + " push {r1-r3, lr} \n" + " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r1-r3, lr} \n" + " \n" + " restore_ns_context: \n" + " mov r0, lr \n" /* r0 = LR (EXC_RETURN). */ + " lsls r0, r0, #25 \n" /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi restore_context_done \n" /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + " \n" + " restore_general_regs: \n" + " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ " it eq \n" " vldmiaeq r2!, {s16-s31} \n" /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" + " \n" + " restore_context_done: \n" + " msr psp, r2 \n" /* Remember the new top of stack for the task. */ + " bx lr \n" ::"i" ( configMAX_SYSCALL_INTERRUPT_PRIORITY ) ); } diff --git a/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c b/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c index aa9c23816..6a069bcd4 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c index 7cdff7005..0b31a9969 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -130,6 +138,15 @@ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ @@ -270,7 +287,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r1!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r2, r2, #0x20 \n" /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r1!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r2, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r1!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -279,6 +295,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r3, psplim \n" /* r3 = PSPLIM. */ " mrs r4, control \n" /* r4 = CONTROL. */ " stmia r1!, {r2-r4, lr} \n" /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r2, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_3 \n" + " stmia r1!, {r2-r5} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " str r1, [r0] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -337,6 +361,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -381,6 +413,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ " stmdb r0!, {r2-r11} \n" /* Store on the stack - PSPLIM, LR and registers that are not automatically saved. */ " \n" + #if ( configENABLE_PAC == 1 ) + " mrs r1, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r2, PAC_KEY_P_2 \n" + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_0 \n" + " stmdb r0!, {r1-r4} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldr r2, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " str r0, [r1] \n" /* Save the new top of stack in TCB. */ @@ -397,6 +438,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r2-r5} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r3 \n" + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_0, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + " \n" " ldmia r0!, {r2-r11} \n" /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM55/non_secure/port.c b/portable/GCC/ARM_CM55/non_secure/port.c index aa9c23816..6a069bcd4 100644 --- a/portable/GCC/ARM_CM55/non_secure/port.c +++ b/portable/GCC/ARM_CM55/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM55/non_secure/portasm.c b/portable/GCC/ARM_CM55/non_secure/portasm.c index f7d3bb181..47a16852d 100644 --- a/portable/GCC/ARM_CM55/non_secure/portasm.c +++ b/portable/GCC/ARM_CM55/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -132,6 +140,15 @@ " ldr r3, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r3] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r3} \n" /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ @@ -280,7 +297,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " \n" " save_general_regs: \n" " mrs r3, psp \n" - " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " add r3, r3, #0x20 \n" /* Move r3 to location where s0 is saved. */ " tst lr, #0x10 \n" @@ -290,7 +306,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r2!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r3, r3, #0x20 \n" /* Set r3 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r2!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r3, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r2!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -300,6 +315,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r4, psplim \n" /* r4 = PSPLIM. */ " mrs r5, control \n" /* r5 = CONTROL. */ " stmia r2!, {r0, r3-r5, lr} \n" /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_1 \n" + " mrs r5, PAC_KEY_P_2 \n" + " mrs r6, PAC_KEY_P_3 \n" + " stmia r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " str r2, [r1] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -358,6 +381,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -401,82 +432,99 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att { __asm volatile ( - " .syntax unified \n" - " .extern SecureContext_SaveContext \n" - " .extern SecureContext_LoadContext \n" - " \n" - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ - " mrs r2, psp \n" /* Read PSP in r2. */ - " \n" - " cbz r0, save_ns_context \n" /* No secure context to save. */ - " push {r0-r2, r14} \n" - " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r0-r3} \n" /* LR is now in r3. */ - " mov lr, r3 \n" /* LR = r3. */ - " lsls r1, r3, #25 \n" /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl save_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " \n" - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " b select_next_task \n" - " \n" - " save_ns_context: \n" + " .syntax unified \n" + " .extern SecureContext_SaveContext \n" + " .extern SecureContext_LoadContext \n" + " \n" + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ + " mrs r2, psp \n" /* Read PSP in r2. */ + " \n" + " cbz r0, save_ns_context \n" /* No secure context to save. */ + " save_s_context: \n" + " push {r0-r2, lr} \n" + " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r0-r2, lr} \n" + " \n" + " save_ns_context: \n" + " mov r3, lr \n" /* r3 = LR (EXC_RETURN). */ + " lsls r3, r3, #25 \n" /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi save_special_regs \n" /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + " \n" + " save_general_regs: \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ - " it eq \n" - " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ + " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ + " it eq \n" + " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " str r2, [r1] \n" /* Save the new top of stack in TCB. */ - " \n" - " select_next_task: \n" - " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ - " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ - " dsb \n" - " isb \n" - " bl vTaskSwitchContext \n" - " mov r0, #0 \n" /* r0 = 0. */ - " msr basepri, r0 \n" /* Enable interrupts. */ - " \n" - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - " \n" - " ldmia r2!, {r0, r1, r4} \n" /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - " msr psplim, r1 \n" /* Restore the PSPLIM register value for the task. */ - " mov lr, r4 \n" /* LR = r4. */ - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " str r0, [r3] \n" /* Restore the task's xSecureContext. */ - " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " push {r2, r4} \n" - " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r2, r4} \n" - " mov lr, r4 \n" /* LR = r4. */ - " lsls r1, r4, #25 \n" /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl restore_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" - " \n" - " restore_ns_context: \n" - " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ + " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ + " \n" + " save_special_regs: \n" + " mrs r3, psplim \n" /* r3 = PSPLIM. */ + " stmdb r2!, {r0, r3, lr} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_1 \n" + " mrs r6, PAC_KEY_P_0 \n" + " stmdb r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " \n" + " str r2, [r1] \n" /* Save the new top of stack in TCB. */ + " \n" + " select_next_task: \n" + " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ + " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ + " dsb \n" + " isb \n" + " bl vTaskSwitchContext \n" + " mov r0, #0 \n" /* r0 = 0. */ + " msr basepri, r0 \n" /* Enable interrupts. */ + " \n" + " restore_context: \n" + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ + " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ + " \n" + " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r2!, {r3-r6} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_1, r5 \n" + " msr PAC_KEY_P_0, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " ldmia r2!, {r0, r3, lr} \n" /* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + " msr psplim, r3 \n" /* Restore the PSPLIM register value for the task. */ + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " str r0, [r3] \n" /* Restore the task's xSecureContext. */ + " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ + " \n" + " restore_s_context: \n" + " push {r1-r3, lr} \n" + " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r1-r3, lr} \n" + " \n" + " restore_ns_context: \n" + " mov r0, lr \n" /* r0 = LR (EXC_RETURN). */ + " lsls r0, r0, #25 \n" /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi restore_context_done \n" /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + " \n" + " restore_general_regs: \n" + " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ " it eq \n" " vldmiaeq r2!, {s16-s31} \n" /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" + " \n" + " restore_context_done: \n" + " msr psp, r2 \n" /* Remember the new top of stack for the task. */ + " bx lr \n" ::"i" ( configMAX_SYSCALL_INTERRUPT_PRIORITY ) ); } diff --git a/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/port.c b/portable/GCC/ARM_CM55_NTZ/non_secure/port.c index aa9c23816..6a069bcd4 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c index 7cdff7005..0b31a9969 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -130,6 +138,15 @@ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ @@ -270,7 +287,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r1!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r2, r2, #0x20 \n" /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r1!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r2, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r1!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -279,6 +295,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r3, psplim \n" /* r3 = PSPLIM. */ " mrs r4, control \n" /* r4 = CONTROL. */ " stmia r1!, {r2-r4, lr} \n" /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r2, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_3 \n" + " stmia r1!, {r2-r5} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " str r1, [r0] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -337,6 +361,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -381,6 +413,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ " stmdb r0!, {r2-r11} \n" /* Store on the stack - PSPLIM, LR and registers that are not automatically saved. */ " \n" + #if ( configENABLE_PAC == 1 ) + " mrs r1, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r2, PAC_KEY_P_2 \n" + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_0 \n" + " stmdb r0!, {r1-r4} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldr r2, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " str r0, [r1] \n" /* Save the new top of stack in TCB. */ @@ -397,6 +438,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r2-r5} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r3 \n" + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_0, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + " \n" " ldmia r0!, {r2-r11} \n" /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM85/non_secure/port.c b/portable/GCC/ARM_CM85/non_secure/port.c index aa9c23816..6a069bcd4 100644 --- a/portable/GCC/ARM_CM85/non_secure/port.c +++ b/portable/GCC/ARM_CM85/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM85/non_secure/portasm.c b/portable/GCC/ARM_CM85/non_secure/portasm.c index f7d3bb181..47a16852d 100644 --- a/portable/GCC/ARM_CM85/non_secure/portasm.c +++ b/portable/GCC/ARM_CM85/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -132,6 +140,15 @@ " ldr r3, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r3] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r3} \n" /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ @@ -280,7 +297,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " \n" " save_general_regs: \n" " mrs r3, psp \n" - " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " add r3, r3, #0x20 \n" /* Move r3 to location where s0 is saved. */ " tst lr, #0x10 \n" @@ -290,7 +306,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r2!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r3, r3, #0x20 \n" /* Set r3 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r2!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r3, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r2!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -300,6 +315,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r4, psplim \n" /* r4 = PSPLIM. */ " mrs r5, control \n" /* r5 = CONTROL. */ " stmia r2!, {r0, r3-r5, lr} \n" /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_1 \n" + " mrs r5, PAC_KEY_P_2 \n" + " mrs r6, PAC_KEY_P_3 \n" + " stmia r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " str r2, [r1] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -358,6 +381,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r2, [r1] \n" /* r2 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r2!, {r3-r6} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_2, r5 \n" + " msr PAC_KEY_P_3, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ " ldmdb r2!, {r0, r3-r5, lr} \n" /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ " msr psp, r3 \n" " msr psplim, r4 \n" @@ -401,82 +432,99 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att { __asm volatile ( - " .syntax unified \n" - " .extern SecureContext_SaveContext \n" - " .extern SecureContext_LoadContext \n" - " \n" - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ - " mrs r2, psp \n" /* Read PSP in r2. */ - " \n" - " cbz r0, save_ns_context \n" /* No secure context to save. */ - " push {r0-r2, r14} \n" - " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r0-r3} \n" /* LR is now in r3. */ - " mov lr, r3 \n" /* LR = r3. */ - " lsls r1, r3, #25 \n" /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl save_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " \n" - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " b select_next_task \n" - " \n" - " save_ns_context: \n" + " .syntax unified \n" + " .extern SecureContext_SaveContext \n" + " .extern SecureContext_LoadContext \n" + " \n" + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " ldr r0, [r3] \n" /* Read xSecureContext - Value of xSecureContext must be in r0 as it is used as a parameter later. */ + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB - Value of pxCurrentTCB must be in r1 as it is used as a parameter later. */ + " mrs r2, psp \n" /* Read PSP in r2. */ + " \n" + " cbz r0, save_ns_context \n" /* No secure context to save. */ + " save_s_context: \n" + " push {r0-r2, lr} \n" + " bl SecureContext_SaveContext \n" /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r0-r2, lr} \n" + " \n" + " save_ns_context: \n" + " mov r3, lr \n" /* r3 = LR (EXC_RETURN). */ + " lsls r3, r3, #25 \n" /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi save_special_regs \n" /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + " \n" + " save_general_regs: \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ - " it eq \n" - " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ + " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ + " it eq \n" + " vstmdbeq r2!, {s16-s31} \n" /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ - " mrs r1, psplim \n" /* r1 = PSPLIM. */ - " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ - " stmdb r2!, {r0, r1, r3} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " str r2, [r1] \n" /* Save the new top of stack in TCB. */ - " \n" - " select_next_task: \n" - " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ - " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ - " dsb \n" - " isb \n" - " bl vTaskSwitchContext \n" - " mov r0, #0 \n" /* r0 = 0. */ - " msr basepri, r0 \n" /* Enable interrupts. */ - " \n" - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - " \n" - " ldmia r2!, {r0, r1, r4} \n" /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - " msr psplim, r1 \n" /* Restore the PSPLIM register value for the task. */ - " mov lr, r4 \n" /* LR = r4. */ - " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ - " str r0, [r3] \n" /* Restore the task's xSecureContext. */ - " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ - " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ - " push {r2, r4} \n" - " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - " pop {r2, r4} \n" - " mov lr, r4 \n" /* LR = r4. */ - " lsls r1, r4, #25 \n" /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - " bpl restore_ns_context \n" /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" - " \n" - " restore_ns_context: \n" - " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ + " stmdb r2!, {r4-r11} \n" /* Store the registers that are not saved automatically. */ + " \n" + " save_special_regs: \n" + " mrs r3, psplim \n" /* r3 = PSPLIM. */ + " stmdb r2!, {r0, r3, lr} \n" /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + " mrs r3, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_1 \n" + " mrs r6, PAC_KEY_P_0 \n" + " stmdb r2!, {r3-r6} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " \n" + " str r2, [r1] \n" /* Save the new top of stack in TCB. */ + " \n" + " select_next_task: \n" + " mov r0, %0 \n" /* r0 = configMAX_SYSCALL_INTERRUPT_PRIORITY */ + " msr basepri, r0 \n" /* Disable interrupts up to configMAX_SYSCALL_INTERRUPT_PRIORITY. */ + " dsb \n" + " isb \n" + " bl vTaskSwitchContext \n" + " mov r0, #0 \n" /* r0 = 0. */ + " msr basepri, r0 \n" /* Enable interrupts. */ + " \n" + " restore_context: \n" + " ldr r3, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ + " ldr r1, [r3] \n" /* Read pxCurrentTCB. */ + " ldr r2, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ + " \n" + " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r2!, {r3-r6} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r3 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_1, r5 \n" + " msr PAC_KEY_P_0, r6 \n" + " clrm {r3-r6} \n" /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + " ldmia r2!, {r0, r3, lr} \n" /* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + " msr psplim, r3 \n" /* Restore the PSPLIM register value for the task. */ + " ldr r3, =xSecureContext \n" /* Read the location of xSecureContext i.e. &( xSecureContext ). */ + " str r0, [r3] \n" /* Restore the task's xSecureContext. */ + " cbz r0, restore_ns_context \n" /* If there is no secure context for the task, restore the non-secure context. */ + " \n" + " restore_s_context: \n" + " push {r1-r3, lr} \n" + " bl SecureContext_LoadContext \n" /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + " pop {r1-r3, lr} \n" + " \n" + " restore_ns_context: \n" + " mov r0, lr \n" /* r0 = LR (EXC_RETURN). */ + " lsls r0, r0, #25 \n" /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + " bmi restore_context_done \n" /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + " \n" + " restore_general_regs: \n" + " ldmia r2!, {r4-r11} \n" /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) " tst lr, #0x10 \n" /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ " it eq \n" " vldmiaeq r2!, {s16-s31} \n" /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " msr psp, r2 \n" /* Remember the new top of stack for the task. */ - " bx lr \n" + " \n" + " restore_context_done: \n" + " msr psp, r2 \n" /* Remember the new top of stack for the task. */ + " bx lr \n" ::"i" ( configMAX_SYSCALL_INTERRUPT_PRIORITY ) ); } diff --git a/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/port.c b/portable/GCC/ARM_CM85_NTZ/non_secure/port.c index 80225b5cb..62f4fd267 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c index 7cdff7005..0b31a9969 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c @@ -100,6 +100,14 @@ " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs_first_task: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -130,6 +138,15 @@ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r1-r4} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r1 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r2 \n" + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_0, r4 \n" + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ @@ -270,7 +287,6 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " vstmiaeq r1!, {s0-s16} \n" /* Store hardware saved FP context. */ " sub r2, r2, #0x20 \n" /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - " \n" " stmia r1!, {r4-r11} \n" /* Store r4-r11. */ " ldmia r2, {r4-r11} \n" /* Copy the hardware saved context into r4-r11. */ " stmia r1!, {r4-r11} \n" /* Store the hardware saved context. */ @@ -279,6 +295,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mrs r3, psplim \n" /* r3 = PSPLIM. */ " mrs r4, control \n" /* r4 = CONTROL. */ " stmia r1!, {r2-r4, lr} \n" /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + " mrs r2, PAC_KEY_P_0 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_2 \n" + " mrs r5, PAC_KEY_P_3 \n" + " stmia r1!, {r2-r5} \n" /* Store the task's dedicated PAC key on the task's context. */ + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " str r1, [r0] \n" /* Save the location from where the context should be restored as the first member of TCB. */ " \n" " select_next_task: \n" @@ -337,6 +361,14 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r0] \n" /* r1 = Location of saved context in TCB. */ " \n" " restore_special_regs: \n" + #if ( configENABLE_PAC == 1 ) + " ldmdb r1!, {r2-r5} \n" /* Read task's dedicated PAC key from the task's context. */ + " msr PAC_KEY_P_0, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_1, r3 \n" + " msr PAC_KEY_P_2, r4 \n" + " msr PAC_KEY_P_3, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ " ldmdb r1!, {r2-r4, lr} \n" /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ " msr psp, r2 \n" " msr psplim, r3 \n" @@ -381,6 +413,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " mov r3, lr \n" /* r3 = LR/EXC_RETURN. */ " stmdb r0!, {r2-r11} \n" /* Store on the stack - PSPLIM, LR and registers that are not automatically saved. */ " \n" + #if ( configENABLE_PAC == 1 ) + " mrs r1, PAC_KEY_P_3 \n" /* Read task's dedicated PAC key from the PAC key registers. */ + " mrs r2, PAC_KEY_P_2 \n" + " mrs r3, PAC_KEY_P_1 \n" + " mrs r4, PAC_KEY_P_0 \n" + " stmdb r0!, {r1-r4} \n" /* Store the task's dedicated PAC key on the stack. */ + " clrm {r1-r4} \n" /* Clear r1-r4. */ + #endif /* configENABLE_PAC */ + " \n" " ldr r2, =pxCurrentTCB \n" /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " str r0, [r1] \n" /* Save the new top of stack in TCB. */ @@ -397,6 +438,15 @@ void vClearInterruptMask( __attribute__( ( unused ) ) uint32_t ulMask ) /* __att " ldr r1, [r2] \n" /* Read pxCurrentTCB. */ " ldr r0, [r1] \n" /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ " \n" + #if ( configENABLE_PAC == 1 ) + " ldmia r0!, {r2-r5} \n" /* Read task's dedicated PAC key from stack. */ + " msr PAC_KEY_P_3, r2 \n" /* Write the task's dedicated PAC key to the PAC key registers. */ + " msr PAC_KEY_P_2, r3 \n" + " msr PAC_KEY_P_1, r4 \n" + " msr PAC_KEY_P_0, r5 \n" + " clrm {r2-r5} \n" /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + " \n" " ldmia r0!, {r2-r11} \n" /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ " \n" #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM23/non_secure/port.c b/portable/IAR/ARM_CM23/non_secure/port.c index 5c963ea29..4c12710e2 100644 --- a/portable/IAR/ARM_CM23/non_secure/port.c +++ b/portable/IAR/ARM_CM23/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/port.c b/portable/IAR/ARM_CM23_NTZ/non_secure/port.c index 5c963ea29..4c12710e2 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM33/non_secure/port.c b/portable/IAR/ARM_CM33/non_secure/port.c index 5c963ea29..4c12710e2 100644 --- a/portable/IAR/ARM_CM33/non_secure/port.c +++ b/portable/IAR/ARM_CM33/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM33/non_secure/portasm.s b/portable/IAR/ARM_CM33/non_secure/portasm.s index c77fd3940..8d5988819 100644 --- a/portable/IAR/ARM_CM33/non_secure/portasm.s +++ b/portable/IAR/ARM_CM33/non_secure/portasm.s @@ -152,6 +152,14 @@ vRestoreContextOfFirstTask: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -177,6 +185,15 @@ vRestoreContextOfFirstTask: ldr r3, [r2] /* Read pxCurrentTCB. */ ldr r0, [r3] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r3} /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ @@ -271,7 +288,16 @@ PendSV_Handler: mrs r4, psplim /* r4 = PSPLIM. */ mrs r5, control /* r5 = CONTROL. */ stmia r2!, {r0, r3-r5, lr} /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ - str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_1 + mrs r5, PAC_KEY_P_2 + mrs r6, PAC_KEY_P_3 + stmia r2!, {r3-r6} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -329,6 +355,14 @@ PendSV_Handler: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -374,31 +408,37 @@ PendSV_Handler: mrs r2, psp /* Read PSP in r2. */ cbz r0, save_ns_context /* No secure context to save. */ - push {r0-r2, r14} - bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r0-r3} /* LR is now in r3. */ - mov lr, r3 /* LR = r3. */ - lsls r1, r3, #25 /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl save_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - b select_next_task + save_s_context: + push {r0-r2, lr} + bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + pop {r0-r2, lr} save_ns_context: + mov r3, lr /* r3 = LR. */ + lsls r3, r3, #25 /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi save_special_regs /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + + save_general_regs: #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vstmdbeq r2!, {s16-s31} /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ stmdb r2!, {r4-r11} /* Store the registers that are not saved automatically. */ - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - str r2, [r1] /* Save the new top of stack in TCB. */ + + save_special_regs: + mrs r3, psplim /* r3 = PSPLIM. */ + stmdb r2!, {r0, r3, lr} /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_1 + mrs r6, PAC_KEY_P_0 + stmdb r2!, {r3-r6} /* Store the task's dedicated PAC key on the stack. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the new top of stack in TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -409,34 +449,45 @@ PendSV_Handler: mov r0, #0 /* r0 = 0. */ msr basepri, r0 /* Enable interrupts. */ + restore_context: ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r3] /* Read pxCurrentTCB. */ ldr r2, [r1] /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - ldmia r2!, {r0, r1, r4} /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - msr psplim, r1 /* Restore the PSPLIM register value for the task. */ - mov lr, r4 /* LR = r4. */ + restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmia r2!, {r3-r6} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_1, r5 + msr PAC_KEY_P_0, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + ldmia r2!, {r0, r3, lr} http://files.iar.com/ftp/pub/box/bxarm-9.60.3.deb/* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + msr psplim, r3 /* Restore the PSPLIM register value for the task. */ ldr r3, =xSecureContext /* Read the location of xSecureContext i.e. &( xSecureContext ). */ str r0, [r3] /* Restore the task's xSecureContext. */ cbz r0, restore_ns_context /* If there is no secure context for the task, restore the non-secure context. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - push {r2, r4} + + restore_s_context: + push {r1-r3, lr} bl SecureContext_LoadContext /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r2, r4} - mov lr, r4 /* LR = r4. */ - lsls r1, r4, #25 /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl restore_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - msr psp, r2 /* Remember the new top of stack for the task. */ - bx lr + pop {r1-r3, lr} restore_ns_context: + mov r0, lr /* r0 = LR (EXC_RETURN). */ + lsls r0, r0, #25 /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi restore_context_done /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + + restore_general_regs: ldmia r2!, {r4-r11} /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vldmiaeq r2!, {s16-s31} /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ + + restore_context_done: msr psp, r2 /* Remember the new top of stack for the task. */ bx lr diff --git a/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/port.c b/portable/IAR/ARM_CM33_NTZ/non_secure/port.c index 5c963ea29..4c12710e2 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s index 9d6c6a7ef..ba6e8e915 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s @@ -142,6 +142,14 @@ vRestoreContextOfFirstTask: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -165,6 +173,15 @@ vRestoreContextOfFirstTask: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ @@ -233,7 +250,6 @@ PendSV_Handler: vstmiaeq r1!, {s0-s16} /* Store hardware saved FP context. */ sub r2, r2, #0x20 /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - stmia r1!, {r4-r11} /* Store r4-r11. */ ldmia r2, {r4-r11} /* Copy the hardware saved context into r4-r11. */ stmia r1!, {r4-r11} /* Store the hardware saved context. */ @@ -242,6 +258,15 @@ PendSV_Handler: mrs r3, psplim /* r3 = PSPLIM. */ mrs r4, control /* r4 = CONTROL. */ stmia r1!, {r2-r4, lr} /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + mrs r2, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_3 + stmia r1!, {r2-r5} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + str r1, [r0] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: @@ -300,6 +325,14 @@ PendSV_Handler: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -335,6 +368,15 @@ PendSV_Handler: mov r3, lr /* r3 = LR/EXC_RETURN. */ stmdb r0!, {r2-r11} /* Store on the stack - PSPLIM, LR and registers that are not automatically. */ +#if ( configENABLE_PAC == 1 ) + mrs r1, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r2, PAC_KEY_P_2 + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_0 + stmdb r0!, {r1-r4} /* Store the task's dedicated PAC key on the stack. */ + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldr r2, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r2] /* Read pxCurrentTCB. */ str r0, [r1] /* Save the new top of stack in TCB. */ @@ -351,6 +393,15 @@ PendSV_Handler: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r2-r5} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r3 + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_0, r5 + clrm {r2-r5} /* Clear r2-r5. */ +#endif /* configENABLE_PAC */ + ldmia r0!, {r2-r11} /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM35P/non_secure/port.c b/portable/IAR/ARM_CM35P/non_secure/port.c index 9fdbe6d50..db42e98ff 100644 --- a/portable/IAR/ARM_CM35P/non_secure/port.c +++ b/portable/IAR/ARM_CM35P/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM35P/non_secure/portasm.s b/portable/IAR/ARM_CM35P/non_secure/portasm.s index c77fd3940..8d5988819 100644 --- a/portable/IAR/ARM_CM35P/non_secure/portasm.s +++ b/portable/IAR/ARM_CM35P/non_secure/portasm.s @@ -152,6 +152,14 @@ vRestoreContextOfFirstTask: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -177,6 +185,15 @@ vRestoreContextOfFirstTask: ldr r3, [r2] /* Read pxCurrentTCB. */ ldr r0, [r3] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r3} /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ @@ -271,7 +288,16 @@ PendSV_Handler: mrs r4, psplim /* r4 = PSPLIM. */ mrs r5, control /* r5 = CONTROL. */ stmia r2!, {r0, r3-r5, lr} /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ - str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_1 + mrs r5, PAC_KEY_P_2 + mrs r6, PAC_KEY_P_3 + stmia r2!, {r3-r6} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -329,6 +355,14 @@ PendSV_Handler: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -374,31 +408,37 @@ PendSV_Handler: mrs r2, psp /* Read PSP in r2. */ cbz r0, save_ns_context /* No secure context to save. */ - push {r0-r2, r14} - bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r0-r3} /* LR is now in r3. */ - mov lr, r3 /* LR = r3. */ - lsls r1, r3, #25 /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl save_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - b select_next_task + save_s_context: + push {r0-r2, lr} + bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + pop {r0-r2, lr} save_ns_context: + mov r3, lr /* r3 = LR. */ + lsls r3, r3, #25 /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi save_special_regs /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + + save_general_regs: #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vstmdbeq r2!, {s16-s31} /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ stmdb r2!, {r4-r11} /* Store the registers that are not saved automatically. */ - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - str r2, [r1] /* Save the new top of stack in TCB. */ + + save_special_regs: + mrs r3, psplim /* r3 = PSPLIM. */ + stmdb r2!, {r0, r3, lr} /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_1 + mrs r6, PAC_KEY_P_0 + stmdb r2!, {r3-r6} /* Store the task's dedicated PAC key on the stack. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the new top of stack in TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -409,34 +449,45 @@ PendSV_Handler: mov r0, #0 /* r0 = 0. */ msr basepri, r0 /* Enable interrupts. */ + restore_context: ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r3] /* Read pxCurrentTCB. */ ldr r2, [r1] /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - ldmia r2!, {r0, r1, r4} /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - msr psplim, r1 /* Restore the PSPLIM register value for the task. */ - mov lr, r4 /* LR = r4. */ + restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmia r2!, {r3-r6} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_1, r5 + msr PAC_KEY_P_0, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + ldmia r2!, {r0, r3, lr} http://files.iar.com/ftp/pub/box/bxarm-9.60.3.deb/* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + msr psplim, r3 /* Restore the PSPLIM register value for the task. */ ldr r3, =xSecureContext /* Read the location of xSecureContext i.e. &( xSecureContext ). */ str r0, [r3] /* Restore the task's xSecureContext. */ cbz r0, restore_ns_context /* If there is no secure context for the task, restore the non-secure context. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - push {r2, r4} + + restore_s_context: + push {r1-r3, lr} bl SecureContext_LoadContext /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r2, r4} - mov lr, r4 /* LR = r4. */ - lsls r1, r4, #25 /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl restore_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - msr psp, r2 /* Remember the new top of stack for the task. */ - bx lr + pop {r1-r3, lr} restore_ns_context: + mov r0, lr /* r0 = LR (EXC_RETURN). */ + lsls r0, r0, #25 /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi restore_context_done /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + + restore_general_regs: ldmia r2!, {r4-r11} /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vldmiaeq r2!, {s16-s31} /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ + + restore_context_done: msr psp, r2 /* Remember the new top of stack for the task. */ bx lr diff --git a/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c b/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s index 9d6c6a7ef..ba6e8e915 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s @@ -142,6 +142,14 @@ vRestoreContextOfFirstTask: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -165,6 +173,15 @@ vRestoreContextOfFirstTask: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ @@ -233,7 +250,6 @@ PendSV_Handler: vstmiaeq r1!, {s0-s16} /* Store hardware saved FP context. */ sub r2, r2, #0x20 /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - stmia r1!, {r4-r11} /* Store r4-r11. */ ldmia r2, {r4-r11} /* Copy the hardware saved context into r4-r11. */ stmia r1!, {r4-r11} /* Store the hardware saved context. */ @@ -242,6 +258,15 @@ PendSV_Handler: mrs r3, psplim /* r3 = PSPLIM. */ mrs r4, control /* r4 = CONTROL. */ stmia r1!, {r2-r4, lr} /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + mrs r2, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_3 + stmia r1!, {r2-r5} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + str r1, [r0] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: @@ -300,6 +325,14 @@ PendSV_Handler: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -335,6 +368,15 @@ PendSV_Handler: mov r3, lr /* r3 = LR/EXC_RETURN. */ stmdb r0!, {r2-r11} /* Store on the stack - PSPLIM, LR and registers that are not automatically. */ +#if ( configENABLE_PAC == 1 ) + mrs r1, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r2, PAC_KEY_P_2 + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_0 + stmdb r0!, {r1-r4} /* Store the task's dedicated PAC key on the stack. */ + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldr r2, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r2] /* Read pxCurrentTCB. */ str r0, [r1] /* Save the new top of stack in TCB. */ @@ -351,6 +393,15 @@ PendSV_Handler: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r2-r5} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r3 + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_0, r5 + clrm {r2-r5} /* Clear r2-r5. */ +#endif /* configENABLE_PAC */ + ldmia r0!, {r2-r11} /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM55/non_secure/port.c b/portable/IAR/ARM_CM55/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/IAR/ARM_CM55/non_secure/port.c +++ b/portable/IAR/ARM_CM55/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM55/non_secure/portasm.s b/portable/IAR/ARM_CM55/non_secure/portasm.s index c77fd3940..8d5988819 100644 --- a/portable/IAR/ARM_CM55/non_secure/portasm.s +++ b/portable/IAR/ARM_CM55/non_secure/portasm.s @@ -152,6 +152,14 @@ vRestoreContextOfFirstTask: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -177,6 +185,15 @@ vRestoreContextOfFirstTask: ldr r3, [r2] /* Read pxCurrentTCB. */ ldr r0, [r3] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r3} /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ @@ -271,7 +288,16 @@ PendSV_Handler: mrs r4, psplim /* r4 = PSPLIM. */ mrs r5, control /* r5 = CONTROL. */ stmia r2!, {r0, r3-r5, lr} /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ - str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_1 + mrs r5, PAC_KEY_P_2 + mrs r6, PAC_KEY_P_3 + stmia r2!, {r3-r6} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -329,6 +355,14 @@ PendSV_Handler: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -374,31 +408,37 @@ PendSV_Handler: mrs r2, psp /* Read PSP in r2. */ cbz r0, save_ns_context /* No secure context to save. */ - push {r0-r2, r14} - bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r0-r3} /* LR is now in r3. */ - mov lr, r3 /* LR = r3. */ - lsls r1, r3, #25 /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl save_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - b select_next_task + save_s_context: + push {r0-r2, lr} + bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + pop {r0-r2, lr} save_ns_context: + mov r3, lr /* r3 = LR. */ + lsls r3, r3, #25 /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi save_special_regs /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + + save_general_regs: #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vstmdbeq r2!, {s16-s31} /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ stmdb r2!, {r4-r11} /* Store the registers that are not saved automatically. */ - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - str r2, [r1] /* Save the new top of stack in TCB. */ + + save_special_regs: + mrs r3, psplim /* r3 = PSPLIM. */ + stmdb r2!, {r0, r3, lr} /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_1 + mrs r6, PAC_KEY_P_0 + stmdb r2!, {r3-r6} /* Store the task's dedicated PAC key on the stack. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the new top of stack in TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -409,34 +449,45 @@ PendSV_Handler: mov r0, #0 /* r0 = 0. */ msr basepri, r0 /* Enable interrupts. */ + restore_context: ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r3] /* Read pxCurrentTCB. */ ldr r2, [r1] /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - ldmia r2!, {r0, r1, r4} /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - msr psplim, r1 /* Restore the PSPLIM register value for the task. */ - mov lr, r4 /* LR = r4. */ + restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmia r2!, {r3-r6} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_1, r5 + msr PAC_KEY_P_0, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + ldmia r2!, {r0, r3, lr} http://files.iar.com/ftp/pub/box/bxarm-9.60.3.deb/* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + msr psplim, r3 /* Restore the PSPLIM register value for the task. */ ldr r3, =xSecureContext /* Read the location of xSecureContext i.e. &( xSecureContext ). */ str r0, [r3] /* Restore the task's xSecureContext. */ cbz r0, restore_ns_context /* If there is no secure context for the task, restore the non-secure context. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - push {r2, r4} + + restore_s_context: + push {r1-r3, lr} bl SecureContext_LoadContext /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r2, r4} - mov lr, r4 /* LR = r4. */ - lsls r1, r4, #25 /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl restore_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - msr psp, r2 /* Remember the new top of stack for the task. */ - bx lr + pop {r1-r3, lr} restore_ns_context: + mov r0, lr /* r0 = LR (EXC_RETURN). */ + lsls r0, r0, #25 /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi restore_context_done /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + + restore_general_regs: ldmia r2!, {r4-r11} /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vldmiaeq r2!, {s16-s31} /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ + + restore_context_done: msr psp, r2 /* Remember the new top of stack for the task. */ bx lr diff --git a/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/port.c b/portable/IAR/ARM_CM55_NTZ/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s index 9d6c6a7ef..ba6e8e915 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s @@ -142,6 +142,14 @@ vRestoreContextOfFirstTask: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -165,6 +173,15 @@ vRestoreContextOfFirstTask: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ @@ -233,7 +250,6 @@ PendSV_Handler: vstmiaeq r1!, {s0-s16} /* Store hardware saved FP context. */ sub r2, r2, #0x20 /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - stmia r1!, {r4-r11} /* Store r4-r11. */ ldmia r2, {r4-r11} /* Copy the hardware saved context into r4-r11. */ stmia r1!, {r4-r11} /* Store the hardware saved context. */ @@ -242,6 +258,15 @@ PendSV_Handler: mrs r3, psplim /* r3 = PSPLIM. */ mrs r4, control /* r4 = CONTROL. */ stmia r1!, {r2-r4, lr} /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + mrs r2, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_3 + stmia r1!, {r2-r5} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + str r1, [r0] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: @@ -300,6 +325,14 @@ PendSV_Handler: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -335,6 +368,15 @@ PendSV_Handler: mov r3, lr /* r3 = LR/EXC_RETURN. */ stmdb r0!, {r2-r11} /* Store on the stack - PSPLIM, LR and registers that are not automatically. */ +#if ( configENABLE_PAC == 1 ) + mrs r1, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r2, PAC_KEY_P_2 + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_0 + stmdb r0!, {r1-r4} /* Store the task's dedicated PAC key on the stack. */ + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldr r2, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r2] /* Read pxCurrentTCB. */ str r0, [r1] /* Save the new top of stack in TCB. */ @@ -351,6 +393,15 @@ PendSV_Handler: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r2-r5} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r3 + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_0, r5 + clrm {r2-r5} /* Clear r2-r5. */ +#endif /* configENABLE_PAC */ + ldmia r0!, {r2-r11} /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM85/non_secure/port.c b/portable/IAR/ARM_CM85/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/IAR/ARM_CM85/non_secure/port.c +++ b/portable/IAR/ARM_CM85/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM85/non_secure/portasm.s b/portable/IAR/ARM_CM85/non_secure/portasm.s index c77fd3940..8d5988819 100644 --- a/portable/IAR/ARM_CM85/non_secure/portasm.s +++ b/portable/IAR/ARM_CM85/non_secure/portasm.s @@ -152,6 +152,14 @@ vRestoreContextOfFirstTask: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -177,6 +185,15 @@ vRestoreContextOfFirstTask: ldr r3, [r2] /* Read pxCurrentTCB. */ ldr r0, [r3] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r3} /* Read from stack - r1 = xSecureContext, r2 = PSPLIM and r3 = EXC_RETURN. */ ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ @@ -271,7 +288,16 @@ PendSV_Handler: mrs r4, psplim /* r4 = PSPLIM. */ mrs r5, control /* r5 = CONTROL. */ stmia r2!, {r0, r3-r5, lr} /* Store xSecureContext, original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ - str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_1 + mrs r5, PAC_KEY_P_2 + mrs r6, PAC_KEY_P_3 + stmia r2!, {r3-r6} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -329,6 +355,14 @@ PendSV_Handler: ldr r2, [r1] /* r2 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r2!, {r3-r6} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_2, r5 + msr PAC_KEY_P_3, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ ldmdb r2!, {r0, r3-r5, lr} /* r0 = xSecureContext, r3 = original PSP, r4 = PSPLIM, r5 = CONTROL, LR restored. */ msr psp, r3 msr psplim, r4 @@ -374,31 +408,37 @@ PendSV_Handler: mrs r2, psp /* Read PSP in r2. */ cbz r0, save_ns_context /* No secure context to save. */ - push {r0-r2, r14} - bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r0-r3} /* LR is now in r3. */ - mov lr, r3 /* LR = r3. */ - lsls r1, r3, #25 /* r1 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl save_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - b select_next_task + save_s_context: + push {r0-r2, lr} + bl SecureContext_SaveContext /* Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ + pop {r0-r2, lr} save_ns_context: + mov r3, lr /* r3 = LR. */ + lsls r3, r3, #25 /* r3 = r3 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi save_special_regs /* If r3 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used. */ + + save_general_regs: #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vstmdbeq r2!, {s16-s31} /* Store the additional FP context registers which are not saved automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ stmdb r2!, {r4-r11} /* Store the registers that are not saved automatically. */ - mrs r1, psplim /* r1 = PSPLIM. */ - mov r3, lr /* r3 = LR/EXC_RETURN. */ - stmdb r2!, {r0, r1, r3} /* Store xSecureContext, PSPLIM and LR on the stack. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - str r2, [r1] /* Save the new top of stack in TCB. */ + + save_special_regs: + mrs r3, psplim /* r3 = PSPLIM. */ + stmdb r2!, {r0, r3, lr} /* Store xSecureContext, PSPLIM and LR on the stack. */ + #if ( configENABLE_PAC == 1 ) + mrs r3, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_1 + mrs r6, PAC_KEY_P_0 + stmdb r2!, {r3-r6} /* Store the task's dedicated PAC key on the stack. */ + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + + str r2, [r1] /* Save the new top of stack in TCB. */ select_next_task: mov r0, #configMAX_SYSCALL_INTERRUPT_PRIORITY @@ -409,34 +449,45 @@ PendSV_Handler: mov r0, #0 /* r0 = 0. */ msr basepri, r0 /* Enable interrupts. */ + restore_context: ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r3] /* Read pxCurrentTCB. */ ldr r2, [r1] /* The first item in pxCurrentTCB is the task top of stack. r2 now points to the top of stack. */ - ldmia r2!, {r0, r1, r4} /* Read from stack - r0 = xSecureContext, r1 = PSPLIM and r4 = LR. */ - msr psplim, r1 /* Restore the PSPLIM register value for the task. */ - mov lr, r4 /* LR = r4. */ + restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmia r2!, {r3-r6} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r3 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_1, r5 + msr PAC_KEY_P_0, r6 + clrm {r3-r6} /* Clear r3-r6. */ + #endif /* configENABLE_PAC */ + ldmia r2!, {r0, r3, lr} http://files.iar.com/ftp/pub/box/bxarm-9.60.3.deb/* Read from stack - r0 = xSecureContext, r3 = PSPLIM and LR restored. */ + msr psplim, r3 /* Restore the PSPLIM register value for the task. */ ldr r3, =xSecureContext /* Read the location of xSecureContext i.e. &( xSecureContext ). */ str r0, [r3] /* Restore the task's xSecureContext. */ cbz r0, restore_ns_context /* If there is no secure context for the task, restore the non-secure context. */ - ldr r3, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ - ldr r1, [r3] /* Read pxCurrentTCB. */ - push {r2, r4} + + restore_s_context: + push {r1-r3, lr} bl SecureContext_LoadContext /* Restore the secure context. Params are in r0 and r1. r0 = xSecureContext and r1 = pxCurrentTCB. */ - pop {r2, r4} - mov lr, r4 /* LR = r4. */ - lsls r1, r4, #25 /* r1 = r4 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ - bpl restore_ns_context /* bpl - branch if positive or zero. If r1 >= 0 ==> Bit[6] in EXC_RETURN is 0 i.e. non-secure stack was used. */ - msr psp, r2 /* Remember the new top of stack for the task. */ - bx lr + pop {r1-r3, lr} restore_ns_context: + mov r0, lr /* r0 = LR (EXC_RETURN). */ + lsls r0, r0, #25 /* r0 = r0 << 25. Bit[6] of EXC_RETURN is 1 if secure stack was used, 0 if non-secure stack was used to store stack frame. */ + bmi restore_context_done /* r0 < 0 ==> Bit[6] in EXC_RETURN is 1 ==> secure stack was used to store the stack frame. */ + + restore_general_regs: ldmia r2!, {r4-r11} /* Restore the registers that are not automatically restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) tst lr, #0x10 /* Test Bit[4] in LR. Bit[4] of EXC_RETURN is 0 if the Extended Stack Frame is in use. */ it eq vldmiaeq r2!, {s16-s31} /* Restore the additional FP context registers which are not restored automatically. */ #endif /* configENABLE_FPU || configENABLE_MVE */ + + restore_context_done: msr psp, r2 /* Remember the new top of stack for the task. */ bx lr diff --git a/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/port.c b/portable/IAR/ARM_CM85_NTZ/non_secure/port.c index f3f5d3edd..82a4c6bc5 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/port.c @@ -1582,6 +1582,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* configUSE_MPU_WRAPPERS_V1 == 0 */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + xMPUSettings->ulContext[ ulIndex ] = ulTaskPacKey[ i ]; + ulIndex++; + } + } + #endif /* configENABLE_PAC */ + return &( xMPUSettings->ulContext[ ulIndex ] ); } @@ -1664,6 +1678,20 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO } #endif /* portPRELOAD_REGISTERS */ + #if ( configENABLE_PAC == 1 ) + { + uint32_t ulTaskPacKey[ 4 ], i; + + vApplicationGenerateTaskRandomPacKey( &( ulTaskPacKey[ 0 ] ) ); + + for( i = 0; i < 4; i++ ) + { + pxTopOfStack--; + *pxTopOfStack = ulTaskPacKey[ i ]; + } + } + #endif /* configENABLE_PAC */ + return pxTopOfStack; } diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s index 9d6c6a7ef..ba6e8e915 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s @@ -142,6 +142,14 @@ vRestoreContextOfFirstTask: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs_first_task: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -165,6 +173,15 @@ vRestoreContextOfFirstTask: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* Read top of stack from TCB - The first item in pxCurrentTCB is the task top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r1-r4} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r1 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r2 + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_0, r4 + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ @@ -233,7 +250,6 @@ PendSV_Handler: vstmiaeq r1!, {s0-s16} /* Store hardware saved FP context. */ sub r2, r2, #0x20 /* Set r2 back to the location of hardware saved context. */ #endif /* configENABLE_FPU || configENABLE_MVE */ - stmia r1!, {r4-r11} /* Store r4-r11. */ ldmia r2, {r4-r11} /* Copy the hardware saved context into r4-r11. */ stmia r1!, {r4-r11} /* Store the hardware saved context. */ @@ -242,6 +258,15 @@ PendSV_Handler: mrs r3, psplim /* r3 = PSPLIM. */ mrs r4, control /* r4 = CONTROL. */ stmia r1!, {r2-r4, lr} /* Store original PSP (after hardware has saved context), PSPLIM, CONTROL and LR. */ + #if ( configENABLE_PAC == 1 ) + mrs r2, PAC_KEY_P_0 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_2 + mrs r5, PAC_KEY_P_3 + stmia r1!, {r2-r5} /* Store the task's dedicated PAC key on the task's context. */ + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ + str r1, [r0] /* Save the location from where the context should be restored as the first member of TCB. */ select_next_task: @@ -300,6 +325,14 @@ PendSV_Handler: ldr r1, [r0] /* r1 = Location of saved context in TCB. */ restore_special_regs: + #if ( configENABLE_PAC == 1 ) + ldmdb r1!, {r2-r5} /* Read task's dedicated PAC key from the task's context. */ + msr PAC_KEY_P_0, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_1, r3 + msr PAC_KEY_P_2, r4 + msr PAC_KEY_P_3, r5 + clrm {r2-r5} /* Clear r2-r5. */ + #endif /* configENABLE_PAC */ ldmdb r1!, {r2-r4, lr} /* r2 = original PSP, r3 = PSPLIM, r4 = CONTROL, LR restored. */ msr psp, r2 msr psplim, r3 @@ -335,6 +368,15 @@ PendSV_Handler: mov r3, lr /* r3 = LR/EXC_RETURN. */ stmdb r0!, {r2-r11} /* Store on the stack - PSPLIM, LR and registers that are not automatically. */ +#if ( configENABLE_PAC == 1 ) + mrs r1, PAC_KEY_P_3 /* Read task's dedicated PAC key from the PAC key registers. */ + mrs r2, PAC_KEY_P_2 + mrs r3, PAC_KEY_P_1 + mrs r4, PAC_KEY_P_0 + stmdb r0!, {r1-r4} /* Store the task's dedicated PAC key on the stack. */ + clrm {r1-r4} /* Clear r1-r4. */ +#endif /* configENABLE_PAC */ + ldr r2, =pxCurrentTCB /* Read the location of pxCurrentTCB i.e. &( pxCurrentTCB ). */ ldr r1, [r2] /* Read pxCurrentTCB. */ str r0, [r1] /* Save the new top of stack in TCB. */ @@ -351,6 +393,15 @@ PendSV_Handler: ldr r1, [r2] /* Read pxCurrentTCB. */ ldr r0, [r1] /* The first item in pxCurrentTCB is the task top of stack. r0 now points to the top of stack. */ +#if ( configENABLE_PAC == 1 ) + ldmia r0!, {r2-r5} /* Read task's dedicated PAC key from stack. */ + msr PAC_KEY_P_3, r2 /* Write the task's dedicated PAC key to the PAC key registers. */ + msr PAC_KEY_P_2, r3 + msr PAC_KEY_P_1, r4 + msr PAC_KEY_P_0, r5 + clrm {r2-r5} /* Clear r2-r5. */ +#endif /* configENABLE_PAC */ + ldmia r0!, {r2-r11} /* Read from stack - r2 = PSPLIM, r3 = LR and r4-r11 restored. */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h index 8a8dc7d6a..a935c65f8 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -125,6 +127,18 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P extern BaseType_t xIsPrivileged( void ) /* __attribute__ (( naked )) */; extern void vResetPrivilege( void ) /* __attribute__ (( naked )) */; #endif /* configENABLE_MPU */ + +#if ( configENABLE_PAC == 1 ) + + /** + * @brief Generates 128-bit task's random PAC key. + * + * @param[out] pulTaskPacKey Pointer to a 4-word (128-bits) array to be + * filled with a 128-bit random number. + */ + void vApplicationGenerateTaskRandomPacKey( uint32_t * pulTaskPacKey ); + +#endif /* configENABLE_PAC */ /*-----------------------------------------------------------*/ /** @@ -223,63 +237,114 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P */ #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) +/* +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+------------------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><-----------><----> +* 16 16 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 70 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) /* - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | | | PC, xPSR | CONTROL, EXC_RETURN | | - * +-----------+---------------+----------+-----------------+------------------------------+-----+ - * - * <-----------><--------------><---------><----------------><-----------------------------><----> - * 16 16 8 8 5 1 - */ +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | | | PC, xPSR | CONTROL, EXC_RETURN | | +* +-----------+---------------+----------+-----------------+------------------------------+-----+ +* +* <-----------><--------------><---------><----------------><-----------------------------><----> +* 16 16 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 54 - #else /* #if( configENABLE_TRUSTZONE == 1 ) */ + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) /* - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | | | PC, xPSR | EXC_RETURN | | - * +-----------+---------------+----------+-----------------+----------------------+-----+ - * - * <-----------><--------------><---------><----------------><---------------------><----> - * 16 16 8 8 4 1 - */ +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | | | PC, xPSR | EXC_RETURN | | | +* +-----------+---------------+----------+-----------------+----------------------+------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><-----------><----> +* 16 16 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 69 + + #else + +/* +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* | s16-s31 | s0-s15, FPSCR | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | | | PC, xPSR | EXC_RETURN | | +* +-----------+---------------+----------+-----------------+----------------------+-----+ +* +* <-----------><--------------><---------><----------------><---------------------><----> +* 16 16 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 53 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #else /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */ - #if ( configENABLE_TRUSTZONE == 1 ) + #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) /* - * +----------+-----------------+------------------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | - * | | PC, xPSR | CONTROL, EXC_RETURN | | - * +----------+-----------------+------------------------------+-----+ - * - * <---------><----------------><------------------------------><----> - * 8 8 5 1 - */ +* +----------+-----------------+------------------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | TaskPacKey | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | | +* +----------+-----------------+------------------------------+------------+-----+ +* +* <---------><----------------><------------------------------><-----------><----> +* 8 8 5 16 1 +*/ + #define MAX_CONTEXT_SIZE 38 + + #elif ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 0 ) ) + +/* +* +----------+-----------------+------------------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | xSecureContext, PSP, PSPLIM, | | +* | | PC, xPSR | CONTROL, EXC_RETURN | | +* +----------+-----------------+------------------------------+-----+ +* +* <---------><----------------><------------------------------><----> +* 8 8 5 1 +*/ #define MAX_CONTEXT_SIZE 22 + #elif ( ( configENABLE_TRUSTZONE == 0 ) && ( configENABLE_PAC == 1 ) ) + +/* +* +----------+-----------------+----------------------+------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | TaskPacKey | | +* | | PC, xPSR | EXC_RETURN | | | +* +----------+-----------------+----------------------+------------+-----+ +* +* <---------><----------------><----------------------><-----------><----> +* 8 8 4 16 1 +*/ + #define MAX_CONTEXT_SIZE 37 + #else /* #if( configENABLE_TRUSTZONE == 1 ) */ /* - * +----------+-----------------+----------------------+-----+ - * | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | - * | | PC, xPSR | EXC_RETURN | | - * +----------+-----------------+----------------------+-----+ - * - * <---------><----------------><----------------------><----> - * 8 8 4 1 - */ +* +----------+-----------------+----------------------+-----+ +* | r4-r11 | r0-r3, r12, LR, | PSP, PSPLIM, CONTROL | | +* | | PC, xPSR | EXC_RETURN | | +* +----------+-----------------+----------------------+-----+ +* +* <---------><----------------><----------------------><----> +* 8 8 4 1 +*/ #define MAX_CONTEXT_SIZE 21 - #endif /* #if( configENABLE_TRUSTZONE == 1 ) */ + #endif /* #if ( ( configENABLE_TRUSTZONE == 1 ) && ( configENABLE_PAC == 1 ) ) */ #endif /* #if ( ( configENABLE_FPU == 1 ) || ( configENABLE_MVE == 1 ) ) */