len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-04-19 13:01:57 -04:00
Code Issues Packages Projects Releases Wiki Activity

Armv8.1-m: Add pacbti support (#1147)

Browse source 
* copyright-checker: Add FreeRTOS Arm collab copyright

FreeRTOS Arm collab files shall have both Amazon's
and Arm's copyright headers. Hence, the copyright
checker is modified to check for both copyrights.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>

* armv8-m: Add support for IAR with TFM FREERTOS PORT

As the case for ARMClang, and GCC toolchains, IAR
with TFM FreeRTOS Port support is added.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* armv8-m: Do not overwrite Control register value

The current ARMv8-M FreeRTOS-Kernel Port code
implementation is modified in a way that allows
the CONTROL register's value to be retained
rather than being overwritten.

This is needed for adding PACBTI support as
the special-purpose CONTROL register `PAC_EN`,
`UPAC_EN`, `BTI_EN`, and `UBTI_EN` PACBTI
enablement bits should be configured before calling
`vRestoreContextOfFirstTask()` function which currently
overwrite the value inside the CONTROL register.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* armv8.1-m: Add PACBTI support to kernel non-secure implementation

In this commit, Pointer Authentication, and Branch Target
Identification Extension (PACBTI) support is added for
Non-Secure and Non-TrustZone variants of Cortex-M85
FreeRTOS-Kernel Port.

The PACBTI support is added for Arm Compiler For
Embedded, and IAR toolchains only. The support in
the kernel is not yet enabled for GNU toolchain
due to known issues.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* Fix CI check

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>

---------

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Ahmed Ismail <ahmism01@e133373.arm.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
This commit is contained in:
Ahmed Ismail 2024-10-24 07:25:16 +01:00 committed by GitHub
parent e400cc93b7
commit 7081e76f5a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
81 changed files with 2430 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/.cSpellWords.txt vendored
View file

@ -448,6 +448,7 @@ MAINRDY
MAIR MAIR
Mang Mang
Mbits Mbits
mbranch
mcause mcause
MCFR MCFR
MCKA MCKA
@ -586,6 +587,8 @@ OWATCOM
OWDR OWDR
OWER OWER
OWSR OWSR
pacbti
PACBTI
PAGEN PAGEN
PCDR PCDR
PCER PCER
@ -900,6 +903,7 @@ TXTEN
TXUBR TXUBR
TXVC TXVC
TXVDIS TXVDIS
UBTI
UDCP UDCP
UNACKED UNACKED
uncrustify uncrustify
@ -915,6 +919,7 @@ UNSUB
UNSUBACK UNSUBACK
unsubscriptions unsubscriptions
unsuspended unsuspended
UPAC
URAD URAD
URAT URAT
URSTEN URSTEN

85
.github/scripts/kernel_checker.py vendored
View file

@ -28,6 +28,7 @@
# */ # */
import os import os
import re
from common.header_checker import HeaderChecker from common.header_checker import HeaderChecker
#-------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------
@ -106,6 +107,15 @@ KERNEL_THIRD_PARTY_PATTERNS = [
r'.*portable/GCC/AVR32_UC3/.*', r'.*portable/GCC/AVR32_UC3/.*',
] ]
KERNEL_ARM_COLLAB_FILES_PATTERNS = [
r'.*portable/ARMv8M/*',
r'.*portable/.*/ARM_CM23*',
r'.*portable/.*/ARM_CM33*',
r'.*portable/.*/ARM_CM35*',
r'.*portable/.*/ARM_CM55*',
r'.*portable/.*/ARM_CM85*',
]
KERNEL_HEADER = [ KERNEL_HEADER = [
'/*\n', '/*\n',
' * FreeRTOS Kernel <DEVELOPMENT BRANCH>\n', ' * FreeRTOS Kernel <DEVELOPMENT BRANCH>\n',
@ -139,12 +149,85 @@ KERNEL_HEADER = [
FREERTOS_COPYRIGHT_REGEX = r"^(;|#)?( *(\/\*|\*|#|\/\/))? Copyright \(C\) 20\d\d Amazon.com, Inc. or its affiliates. All Rights Reserved\.( \*\/)?$" FREERTOS_COPYRIGHT_REGEX = r"^(;|#)?( *(\/\*|\*|#|\/\/))? Copyright \(C\) 20\d\d Amazon.com, Inc. or its affiliates. All Rights Reserved\.( \*\/)?$"
FREERTOS_ARM_COLLAB_COPYRIGHT_REGEX = r"(^(;|#)?( *(\/\*|\*|#|\/\/))? Copyright \(C\) 20\d\d Amazon.com, Inc. or its affiliates. All Rights Reserved\.( \*\/)?$)|" + \
r"(^(;|#)?( *(\/\*|\*|#|\/\/))? Copyright 20\d\d Arm Limited and/or its affiliates( \*\/)?$)|" + \
r"(^(;|#)?( *(\/\*|\*|#|\/\/))? <open-source-office@arm.com>( \*\/)?$)"
class KernelHeaderChecker(HeaderChecker):
def __init__(
self,
header,
padding=1000,
ignored_files=None,
ignored_ext=None,
ignored_patterns=None,
py_ext=None,
asm_ext=None,
third_party_patterns=None,
copyright_regex = None
):
super().__init__(header, padding, ignored_files, ignored_ext, ignored_patterns,
py_ext, asm_ext, third_party_patterns, copyright_regex)
self.armCollabRegex = re.compile(FREERTOS_ARM_COLLAB_COPYRIGHT_REGEX)
self.armCollabFilesPatternList = []
for pattern in KERNEL_ARM_COLLAB_FILES_PATTERNS:
self.armCollabFilesPatternList.append(re.compile(pattern))
def isArmCollabFile(self, path):
for pattern in self.armCollabFilesPatternList:
if pattern.match(path):
return True
return False
def checkArmCollabFile(self, path):
isValid = False
file_ext = os.path.splitext(path)[-1]
with open(path, encoding="utf-8", errors="ignore") as file:
chunk = file.read(len("".join(self.header)) + self.padding)
lines = [("%s\n" % line) for line in chunk.strip().splitlines()][
: len(self.header) + 2
]
if (len(lines) > 0) and (lines[0].find("#!") == 0):
lines.remove(lines[0])
# Split lines in sections.
headers = dict()
headers["text"] = []
headers["copyright"] = []
headers["spdx"] = []
for line in lines:
if self.armCollabRegex.match(line):
headers["copyright"].append(line)
elif "SPDX-License-Identifier:" in line:
headers["spdx"].append(line)
else:
headers["text"].append(line)
text_equal = self.isValidHeaderSection(file_ext, "text", headers["text"])
spdx_equal = self.isValidHeaderSection(file_ext, "spdx", headers["spdx"])
if text_equal and spdx_equal and len(headers["copyright"]) == 3:
isValid = True
return isValid
def customCheck(self, path):
isValid = False
if self.isArmCollabFile(path):
isValid = self.checkArmCollabFile(path)
return isValid
def main(): def main():
parser = HeaderChecker.configArgParser() parser = HeaderChecker.configArgParser()
args = parser.parse_args() args = parser.parse_args()
# Configure the checks then run # Configure the checks then run
checker = HeaderChecker(KERNEL_HEADER, checker = KernelHeaderChecker(KERNEL_HEADER,
copyright_regex=FREERTOS_COPYRIGHT_REGEX, copyright_regex=FREERTOS_COPYRIGHT_REGEX,
ignored_files=KERNEL_IGNORED_FILES, ignored_files=KERNEL_IGNORED_FILES,
ignored_ext=KERNEL_IGNORED_EXTENSIONS, ignored_ext=KERNEL_IGNORED_EXTENSIONS,

3
CMakeLists.txt
View file

@ -138,15 +138,18 @@ if(NOT FREERTOS_PORT)
" IAR_ARM_CM33_NONSECURE - Compiler: IAR Target: ARM Cortex-M33 non-secure\n" " IAR_ARM_CM33_NONSECURE - Compiler: IAR Target: ARM Cortex-M33 non-secure\n"
" IAR_ARM_CM33_SECURE - Compiler: IAR Target: ARM Cortex-M33 secure\n" " IAR_ARM_CM33_SECURE - Compiler: IAR Target: ARM Cortex-M33 secure\n"
" IAR_ARM_CM33_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M33 non-trustzone non-secure\n" " IAR_ARM_CM33_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M33 non-trustzone non-secure\n"
" IAR_ARM_CM33_TFM - Compiler: IAR Target: ARM Cortex-M33 non-secure for TF-M\n"
" IAR_ARM_CM35P_NONSECURE - Compiler: IAR Target: ARM Cortex-M35P non-secure\n" " IAR_ARM_CM35P_NONSECURE - Compiler: IAR Target: ARM Cortex-M35P non-secure\n"
" IAR_ARM_CM35P_SECURE - Compiler: IAR Target: ARM Cortex-M35P secure\n" " IAR_ARM_CM35P_SECURE - Compiler: IAR Target: ARM Cortex-M35P secure\n"
" IAR_ARM_CM35P_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M35P non-trustzone non-secure\n" " IAR_ARM_CM35P_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M35P non-trustzone non-secure\n"
" IAR_ARM_CM55_NONSECURE - Compiler: IAR Target: ARM Cortex-M55 non-secure\n" " IAR_ARM_CM55_NONSECURE - Compiler: IAR Target: ARM Cortex-M55 non-secure\n"
" IAR_ARM_CM55_SECURE - Compiler: IAR Target: ARM Cortex-M55 secure\n" " IAR_ARM_CM55_SECURE - Compiler: IAR Target: ARM Cortex-M55 secure\n"
" IAR_ARM_CM55_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M55 non-trustzone non-secure\n" " IAR_ARM_CM55_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M55 non-trustzone non-secure\n"
" IAR_ARM_CM55_TFM - Compiler: IAR Target: ARM Cortex-M55 non-secure for TF-M\n"
" IAR_ARM_CM85_NONSECURE - Compiler: IAR Target: ARM Cortex-M85 non-secure\n" " IAR_ARM_CM85_NONSECURE - Compiler: IAR Target: ARM Cortex-M85 non-secure\n"
" IAR_ARM_CM85_SECURE - Compiler: IAR Target: ARM Cortex-M85 secure\n" " IAR_ARM_CM85_SECURE - Compiler: IAR Target: ARM Cortex-M85 secure\n"
" IAR_ARM_CM85_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M85 non-trustzone non-secure\n" " IAR_ARM_CM85_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M85 non-trustzone non-secure\n"
" IAR_ARM_CM85_TFM - Compiler: IAR Target: ARM Cortex-M85 non-secure for TF-M\n"
" IAR_ARM_CRX_NOGIC - Compiler: IAR Target: ARM Cortex-Rx no GIC\n" " IAR_ARM_CRX_NOGIC - Compiler: IAR Target: ARM Cortex-Rx no GIC\n"
" IAR_ATMEGA323 - Compiler: IAR Target: ATMega323\n" " IAR_ATMEGA323 - Compiler: IAR Target: ATMega323\n"
" IAR_ATMEL_SAM7S64 - Compiler: IAR Target: Atmel SAM7S64\n" " IAR_ATMEL_SAM7S64 - Compiler: IAR Target: Atmel SAM7S64\n"

2
examples/coverity/README.md
View file

@ -17,7 +17,7 @@ files.
## Getting Started ## Getting Started
### Prerequisites ### Prerequisites
Coverity can be run on any platform mentioned [here](https://sig-docs.synopsys.com/polaris/topics/c_coverity-compatible-platforms.html). Coverity can be run on any platform mentioned [here](https://documentation.blackduck.com/bundle/coverity-docs/page/deploy-install-guide/topics/supported_platforms_for_coverity_analysis.html).
The following are the prerequisites to generate coverity report: The following are the prerequisites to generate coverity report:
1. CMake version > 3.13.0 (You can check whether you have this by typing `cmake --version`). 1. CMake version > 3.13.0 (You can check whether you have this by typing `cmake --version`).

12
include/FreeRTOS.h
View file

@ -3032,6 +3032,18 @@
#define configCONTROL_INFINITE_LOOP() #define configCONTROL_INFINITE_LOOP()
#endif #endif
/* Set configENABLE_PAC and/or configENABLE_BTI to 1 to enable PAC and/or BTI
* support and 0 to disable them. These are currently used in ARMv8.1-M ports. */
#if ( portHAS_PACBTI_FEATURE == 1 )
#ifndef configENABLE_PAC
#define configENABLE_PAC 0
#endif
#ifndef configENABLE_BTI
#define configENABLE_BTI 0
#endif
#endif
/* Sometimes the FreeRTOSConfig.h settings only allow a task to be created using /* Sometimes the FreeRTOSConfig.h settings only allow a task to be created using
* dynamically allocated RAM, in which case when any task is deleted it is known * dynamically allocated RAM, in which case when any task is deleted it is known
* that both the task's stack and TCB need to be freed. Sometimes the * that both the task's stack and TCB need to be freed. Sometimes the

97
portable/ARMv8M/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n" " ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -130,8 +132,9 @@
" \n" " \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P" #define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55" #define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85" #define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */ str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */ msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */ msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P" #define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55" #define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85" #define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

122
portable/CMakeLists.txt
View file

@ -453,6 +453,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM33_NTZ/non_secure/portasm.s IAR/ARM_CM33_NTZ/non_secure/portasm.s
IAR/ARM_CM33_NTZ/non_secure/mpu_wrappers_v2_asm.S> IAR/ARM_CM33_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_TFM>:
IAR/ARM_CM33_NTZ/non_secure/port.c
IAR/ARM_CM33_NTZ/non_secure/portasm.s
IAR/ARM_CM33_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>: $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>:
IAR/ARM_CM35P/non_secure/port.c IAR/ARM_CM35P/non_secure/port.c
IAR/ARM_CM35P/non_secure/portasm.s IAR/ARM_CM35P/non_secure/portasm.s
@ -486,6 +492,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM55_NTZ/non_secure/portasm.s IAR/ARM_CM55_NTZ/non_secure/portasm.s
IAR/ARM_CM55_NTZ/non_secure/mpu_wrappers_v2_asm.S> IAR/ARM_CM55_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_TFM>:
IAR/ARM_CM55_NTZ/non_secure/port.c
IAR/ARM_CM55_NTZ/non_secure/portasm.s
IAR/ARM_CM55_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>: $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>:
IAR/ARM_CM85/non_secure/port.c IAR/ARM_CM85/non_secure/port.c
IAR/ARM_CM85/non_secure/portasm.s IAR/ARM_CM85/non_secure/portasm.s
@ -502,6 +514,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM85_NTZ/non_secure/portasm.s IAR/ARM_CM85_NTZ/non_secure/portasm.s
IAR/ARM_CM85_NTZ/non_secure/mpu_wrappers_v2_asm.S> IAR/ARM_CM85_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_TFM>:
IAR/ARM_CM85_NTZ/non_secure/port.c
IAR/ARM_CM85_NTZ/non_secure/portasm.s
IAR/ARM_CM85_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
# ARMv7-R Ports for IAR EWARM # ARMv7-R Ports for IAR EWARM
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>: $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>:
IAR/ARM_CRx_No_GIC/port.c IAR/ARM_CRx_No_GIC/port.c
@ -755,13 +773,112 @@ if( FREERTOS_PORT MATCHES "GCC_ARM_CM(3|4)_MPU" OR
FREERTOS_PORT MATCHES "GCC_ARM_CM(23|33|55|85)_NONSECURE" OR FREERTOS_PORT MATCHES "GCC_ARM_CM(23|33|55|85)_NONSECURE" OR
FREERTOS_PORT MATCHES "GCC_ARM_CM(33|55|85)_TFM" OR FREERTOS_PORT MATCHES "GCC_ARM_CM(33|55|85)_TFM" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NTZ_NONSECURE" OR FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NTZ_NONSECURE" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NONSECURE" FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NONSECURE" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(33|55|85)_TFM"
) )
target_sources(freertos_kernel_port PRIVATE target_sources(freertos_kernel_port PRIVATE
Common/mpu_wrappers.c Common/mpu_wrappers.c
Common/mpu_wrappers_v2.c Common/mpu_wrappers_v2.c
) )
endif() endif()
if (DEFINED FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG )
if(${CMAKE_C_COMPILER_ID} STREQUAL "GNU")
message(FATAL_ERROR "ARMv8.1-M PACBTI support in the kernel is not yet enabled for GNU toolchain due to known issues.")
endif()
if(FREERTOS_PORT MATCHES ".*ARM_CM85")
if(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_STANDARD")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=standard>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=bti+pac-ret>>)
target_compile_definitions(freertos_config
INTERFACE
configENABLE_PAC=1
configENABLE_BTI=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=bti+pac-ret+leaf
)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
configENABLE_BTI=1
)
elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR")
message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI PACBTI option is not supported on IAR Compiler.")
endif()
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=pac-ret>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=pac-ret>>)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=pac-ret+leaf
)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
)
elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR")
message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF PACBTI option is not supported on IAR Compiler.")
endif()
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_BTI")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=bti>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=bti>>)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_BTI=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=none
)
endif()
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=0
configENABLE_BTI=0
)
else()
message(FATAL_ERROR "Invalid FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG configuration, the supported configurations are
ARM_V_8_1_M_PACBTI_CONFIG_STANDARD,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF,
ARM_V_8_1_M_PACBTI_CONFIG_BTI,
ARM_V_8_1_M_PACBTI_CONFIG_NONE
")
endif()
if(NOT FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE")
# The reason why `--library_security=pacbti-m` link option is defined for both `freertos_kernel_port`, and
# `freertos_kernel` targets even though `freertos_kernel_port` gets linked to `freertos_kernel` is that the
# `freertos_kernel_port` is an object library where its linker options don't propagate to the targets that
# link against it.
target_link_options(freertos_kernel_port
PUBLIC
--library_security=pacbti-m
)
target_link_options(freertos_kernel
PUBLIC
--library_security=pacbti-m
)
endif()
else()
message(FATAL_ERROR "FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG option is currently only supported on ARM Cortex-M85 FreeRTOS port.")
endif()
endif()
add_library(freertos_kernel_port_headers INTERFACE) add_library(freertos_kernel_port_headers INTERFACE)
target_include_directories(freertos_kernel_port_headers INTERFACE target_include_directories(freertos_kernel_port_headers INTERFACE
@ -956,6 +1073,7 @@ target_include_directories(freertos_kernel_port_headers INTERFACE
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/non_secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33_NTZ/non_secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/non_secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/secure>
@ -965,10 +1083,12 @@ target_include_directories(freertos_kernel_port_headers INTERFACE
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/non_secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55_NTZ/non_secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/non_secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85_NTZ/non_secure> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85_NTZ/non_secure>
# ARMv7-R Ports for IAR EWARM # ARMv7-R Ports for IAR EWARM
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CRx_No_GIC> $<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CRx_No_GIC>

97
portable/GCC/ARM_CM23/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/GCC/ARM_CM23/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM23_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM33/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM33/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n" " ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM33/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM33_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -130,8 +132,9 @@
" \n" " \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM35P/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM35P/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n" " ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM35P/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P" #define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM35P_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -130,8 +132,9 @@
" \n" " \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P" #define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM55/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM55/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n" " ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM55/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55" #define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM55_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -130,8 +132,9 @@
" \n" " \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55" #define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM85/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM85/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n" " ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM85/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85" #define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM85_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -130,8 +132,9 @@
" \n" " \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */ " mrs r1, control \n" /* Obtain current control register value. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */ " adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n" " isb \n"

3
portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85" #define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __attribute__( ( used ) ) #define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM23/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/IAR/ARM_CM23/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM23_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23" #define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM33/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM33/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */ str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */ msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM33/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM33_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */ msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33" #define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM35P/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM35P/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */ str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */ msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM35P/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P" #define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM35P_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */ msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P" #define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0 #define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM55/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM55/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */ str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */ msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM55/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55" #define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM55_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */ msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55" #define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM85/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM85/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */ str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */ msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM85/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85" #define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM85_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls. * any secure calls.
*/ */
#define portNO_SECURE_CONTEXT 0 #define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
/** /**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */ #endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/** /**
* @brief Setup the timer to generate the tick interrupts. * @brief Setup the timer to generate the tick interrupts.
* *
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{ {
uint32_t ulIndex = 0; uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++; ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++; ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE ) if( xRunPrivileged == pdTRUE )
{ {
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
else else
{ {
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG ); xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */ xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++; ulIndex++;
} }
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0; portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 ) #if ( configENABLE_MPU == 1 )
{ {
/* Setup the Memory Protection Unit (MPU). */ /* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */ msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */ mrs r1, control /* Obtain current control register value. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */ adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */ msr psp, r0 /* This is now the new top of stack to use in the task. */
isb isb

3
portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/* /*
* FreeRTOS Kernel <DEVELOPMENT BRANCH> * FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
* *
* SPDX-License-Identifier: MIT * SPDX-License-Identifier: MIT
* *
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85" #define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1 #define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __root #define portDONT_DISCARD __root
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/