len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-09-01 11:53:53 -04:00
Code Issues Projects Releases Packages Wiki Activity

Armv8.1-m: Add pacbti support (#1147)

Browse source 
* copyright-checker: Add FreeRTOS Arm collab copyright

FreeRTOS Arm collab files shall have both Amazon's
and Arm's copyright headers. Hence, the copyright
checker is modified to check for both copyrights.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>

* armv8-m: Add support for IAR with TFM FREERTOS PORT

As the case for ARMClang, and GCC toolchains, IAR
with TFM FreeRTOS Port support is added.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* armv8-m: Do not overwrite Control register value

The current ARMv8-M FreeRTOS-Kernel Port code
implementation is modified in a way that allows
the CONTROL register's value to be retained
rather than being overwritten.

This is needed for adding PACBTI support as
the special-purpose CONTROL register `PAC_EN`,
`UPAC_EN`, `BTI_EN`, and `UBTI_EN` PACBTI
enablement bits should be configured before calling
`vRestoreContextOfFirstTask()` function which currently
overwrite the value inside the CONTROL register.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* armv8.1-m: Add PACBTI support to kernel non-secure implementation

In this commit, Pointer Authentication, and Branch Target
Identification Extension (PACBTI) support is added for
Non-Secure and Non-TrustZone variants of Cortex-M85
FreeRTOS-Kernel Port.

The PACBTI support is added for Arm Compiler For
Embedded, and IAR toolchains only. The support in
the kernel is not yet enabled for GNU toolchain
due to known issues.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* Fix CI check

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>

---------

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Ahmed Ismail <ahmism01@e133373.arm.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
This commit is contained in:
Ahmed Ismail 2024-10-24 07:25:16 +01:00 committed by GitHub
parent e400cc93b7
commit 7081e76f5a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
81 changed files with 2430 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

122
portable/CMakeLists.txt
View file

@ -453,6 +453,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM33_NTZ/non_secure/portasm.s
IAR/ARM_CM33_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_TFM>:
IAR/ARM_CM33_NTZ/non_secure/port.c
IAR/ARM_CM33_NTZ/non_secure/portasm.s
IAR/ARM_CM33_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>:
IAR/ARM_CM35P/non_secure/port.c
IAR/ARM_CM35P/non_secure/portasm.s
@ -486,6 +492,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM55_NTZ/non_secure/portasm.s
IAR/ARM_CM55_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_TFM>:
IAR/ARM_CM55_NTZ/non_secure/port.c
IAR/ARM_CM55_NTZ/non_secure/portasm.s
IAR/ARM_CM55_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>:
IAR/ARM_CM85/non_secure/port.c
IAR/ARM_CM85/non_secure/portasm.s
@ -502,6 +514,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM85_NTZ/non_secure/portasm.s
IAR/ARM_CM85_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_TFM>:
IAR/ARM_CM85_NTZ/non_secure/port.c
IAR/ARM_CM85_NTZ/non_secure/portasm.s
IAR/ARM_CM85_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
# ARMv7-R Ports for IAR EWARM
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>:
IAR/ARM_CRx_No_GIC/port.c
@ -755,13 +773,112 @@ if( FREERTOS_PORT MATCHES "GCC_ARM_CM(3|4)_MPU" OR
FREERTOS_PORT MATCHES "GCC_ARM_CM(23|33|55|85)_NONSECURE" OR
FREERTOS_PORT MATCHES "GCC_ARM_CM(33|55|85)_TFM" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NTZ_NONSECURE" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NONSECURE"
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NONSECURE" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(33|55|85)_TFM"
)
target_sources(freertos_kernel_port PRIVATE
Common/mpu_wrappers.c
Common/mpu_wrappers_v2.c
)
endif()
if (DEFINED FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG )
if(${CMAKE_C_COMPILER_ID} STREQUAL "GNU")
message(FATAL_ERROR "ARMv8.1-M PACBTI support in the kernel is not yet enabled for GNU toolchain due to known issues.")
endif()
if(FREERTOS_PORT MATCHES ".*ARM_CM85")
if(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_STANDARD")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=standard>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=bti+pac-ret>>)
target_compile_definitions(freertos_config
INTERFACE
configENABLE_PAC=1
configENABLE_BTI=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=bti+pac-ret+leaf
)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
configENABLE_BTI=1
)
elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR")
message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI PACBTI option is not supported on IAR Compiler.")
endif()
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=pac-ret>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=pac-ret>>)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=pac-ret+leaf
)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
)
elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR")
message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF PACBTI option is not supported on IAR Compiler.")
endif()
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_BTI")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=bti>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=bti>>)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_BTI=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=none
)
endif()
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=0
configENABLE_BTI=0
)
else()
message(FATAL_ERROR "Invalid FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG configuration, the supported configurations are
ARM_V_8_1_M_PACBTI_CONFIG_STANDARD,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF,
ARM_V_8_1_M_PACBTI_CONFIG_BTI,
ARM_V_8_1_M_PACBTI_CONFIG_NONE
")
endif()
if(NOT FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE")
# The reason why `--library_security=pacbti-m` link option is defined for both `freertos_kernel_port`, and
# `freertos_kernel` targets even though `freertos_kernel_port` gets linked to `freertos_kernel` is that the
# `freertos_kernel_port` is an object library where its linker options don't propagate to the targets that
# link against it.
target_link_options(freertos_kernel_port
PUBLIC
--library_security=pacbti-m
)
target_link_options(freertos_kernel
PUBLIC
--library_security=pacbti-m
)
endif()
else()
message(FATAL_ERROR "FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG option is currently only supported on ARM Cortex-M85 FreeRTOS port.")
endif()
endif()
add_library(freertos_kernel_port_headers INTERFACE)
target_include_directories(freertos_kernel_port_headers INTERFACE
@ -956,6 +1073,7 @@ target_include_directories(freertos_kernel_port_headers INTERFACE
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/secure>
@ -965,10 +1083,12 @@ target_include_directories(freertos_kernel_port_headers INTERFACE
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85_NTZ/non_secure>
# ARMv7-R Ports for IAR EWARM
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CRx_No_GIC>