len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-12-06 21:25:00 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'main' into macos-correct-stack

Browse source
This commit is contained in:
Gaurav-Aggarwal-AWS 2024-10-24 12:04:17 +05:30 committed by GitHub
commit da4cd8133d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
82 changed files with 2431 additions and 93 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.github/.cSpellWords.txt vendored
View file

@ -448,6 +448,7 @@ MAINRDY
MAIR
Mang
Mbits
mbranch
mcause
MCFR
MCKA
@ -586,6 +587,8 @@ OWATCOM
OWDR
OWER
OWSR
pacbti
PACBTI
PAGEN
PCDR
PCER
@ -900,6 +903,7 @@ TXTEN
TXUBR
TXVC
TXVDIS
UBTI
UDCP
UNACKED
uncrustify
@ -915,6 +919,7 @@ UNSUB
UNSUBACK
unsubscriptions
unsuspended
UPAC
URAD
URAT
URSTEN

2
.github/CODEOWNERS vendored
View file

@ -4,7 +4,7 @@
# the repo. Unless a later match takes precedence,
# @global-owner1 and @global-owner2 will be requested for
# review when someone opens a pull request.
* @FreeRTOS/pr-bar-raiser
* @FreeRTOS/pr-bar-raisers
# Order is important; the last matching pattern takes the most
# precedence. When someone opens a pull request that only

85
.github/scripts/kernel_checker.py vendored
View file

@ -28,6 +28,7 @@
# */
import os
import re
from common.header_checker import HeaderChecker
#--------------------------------------------------------------------------------------------------
@ -106,6 +107,15 @@ KERNEL_THIRD_PARTY_PATTERNS = [
r'.*portable/GCC/AVR32_UC3/.*',
]
KERNEL_ARM_COLLAB_FILES_PATTERNS = [
r'.*portable/ARMv8M/*',
r'.*portable/.*/ARM_CM23*',
r'.*portable/.*/ARM_CM33*',
r'.*portable/.*/ARM_CM35*',
r'.*portable/.*/ARM_CM55*',
r'.*portable/.*/ARM_CM85*',
]
KERNEL_HEADER = [
'/*\n',
' * FreeRTOS Kernel <DEVELOPMENT BRANCH>\n',
@ -139,12 +149,85 @@ KERNEL_HEADER = [
FREERTOS_COPYRIGHT_REGEX = r"^(;|#)?( *(\/\*|\*|#|\/\/))? Copyright \(C\) 20\d\d Amazon.com, Inc. or its affiliates. All Rights Reserved\.( \*\/)?$"
FREERTOS_ARM_COLLAB_COPYRIGHT_REGEX = r"(^(;|#)?( *(\/\*|\*|#|\/\/))? Copyright \(C\) 20\d\d Amazon.com, Inc. or its affiliates. All Rights Reserved\.( \*\/)?$)|" + \
r"(^(;|#)?( *(\/\*|\*|#|\/\/))? Copyright 20\d\d Arm Limited and/or its affiliates( \*\/)?$)|" + \
r"(^(;|#)?( *(\/\*|\*|#|\/\/))? <open-source-office@arm.com>( \*\/)?$)"
class KernelHeaderChecker(HeaderChecker):
def __init__(
self,
header,
padding=1000,
ignored_files=None,
ignored_ext=None,
ignored_patterns=None,
py_ext=None,
asm_ext=None,
third_party_patterns=None,
copyright_regex = None
):
super().__init__(header, padding, ignored_files, ignored_ext, ignored_patterns,
py_ext, asm_ext, third_party_patterns, copyright_regex)
self.armCollabRegex = re.compile(FREERTOS_ARM_COLLAB_COPYRIGHT_REGEX)
self.armCollabFilesPatternList = []
for pattern in KERNEL_ARM_COLLAB_FILES_PATTERNS:
self.armCollabFilesPatternList.append(re.compile(pattern))
def isArmCollabFile(self, path):
for pattern in self.armCollabFilesPatternList:
if pattern.match(path):
return True
return False
def checkArmCollabFile(self, path):
isValid = False
file_ext = os.path.splitext(path)[-1]
with open(path, encoding="utf-8", errors="ignore") as file:
chunk = file.read(len("".join(self.header)) + self.padding)
lines = [("%s\n" % line) for line in chunk.strip().splitlines()][
: len(self.header) + 2
]
if (len(lines) > 0) and (lines[0].find("#!") == 0):
lines.remove(lines[0])
# Split lines in sections.
headers = dict()
headers["text"] = []
headers["copyright"] = []
headers["spdx"] = []
for line in lines:
if self.armCollabRegex.match(line):
headers["copyright"].append(line)
elif "SPDX-License-Identifier:" in line:
headers["spdx"].append(line)
else:
headers["text"].append(line)
text_equal = self.isValidHeaderSection(file_ext, "text", headers["text"])
spdx_equal = self.isValidHeaderSection(file_ext, "spdx", headers["spdx"])
if text_equal and spdx_equal and len(headers["copyright"]) == 3:
isValid = True
return isValid
def customCheck(self, path):
isValid = False
if self.isArmCollabFile(path):
isValid = self.checkArmCollabFile(path)
return isValid
def main():
parser = HeaderChecker.configArgParser()
args = parser.parse_args()
# Configure the checks then run
checker = HeaderChecker(KERNEL_HEADER,
checker = KernelHeaderChecker(KERNEL_HEADER,
copyright_regex=FREERTOS_COPYRIGHT_REGEX,
ignored_files=KERNEL_IGNORED_FILES,
ignored_ext=KERNEL_IGNORED_EXTENSIONS,

3
CMakeLists.txt
View file

@ -138,15 +138,18 @@ if(NOT FREERTOS_PORT)
" IAR_ARM_CM33_NONSECURE - Compiler: IAR Target: ARM Cortex-M33 non-secure\n"
" IAR_ARM_CM33_SECURE - Compiler: IAR Target: ARM Cortex-M33 secure\n"
" IAR_ARM_CM33_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M33 non-trustzone non-secure\n"
" IAR_ARM_CM33_TFM - Compiler: IAR Target: ARM Cortex-M33 non-secure for TF-M\n"
" IAR_ARM_CM35P_NONSECURE - Compiler: IAR Target: ARM Cortex-M35P non-secure\n"
" IAR_ARM_CM35P_SECURE - Compiler: IAR Target: ARM Cortex-M35P secure\n"
" IAR_ARM_CM35P_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M35P non-trustzone non-secure\n"
" IAR_ARM_CM55_NONSECURE - Compiler: IAR Target: ARM Cortex-M55 non-secure\n"
" IAR_ARM_CM55_SECURE - Compiler: IAR Target: ARM Cortex-M55 secure\n"
" IAR_ARM_CM55_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M55 non-trustzone non-secure\n"
" IAR_ARM_CM55_TFM - Compiler: IAR Target: ARM Cortex-M55 non-secure for TF-M\n"
" IAR_ARM_CM85_NONSECURE - Compiler: IAR Target: ARM Cortex-M85 non-secure\n"
" IAR_ARM_CM85_SECURE - Compiler: IAR Target: ARM Cortex-M85 secure\n"
" IAR_ARM_CM85_NTZ_NONSECURE - Compiler: IAR Target: ARM Cortex-M85 non-trustzone non-secure\n"
" IAR_ARM_CM85_TFM - Compiler: IAR Target: ARM Cortex-M85 non-secure for TF-M\n"
" IAR_ARM_CRX_NOGIC - Compiler: IAR Target: ARM Cortex-Rx no GIC\n"
" IAR_ATMEGA323 - Compiler: IAR Target: ATMega323\n"
" IAR_ATMEL_SAM7S64 - Compiler: IAR Target: Atmel SAM7S64\n"

2
examples/coverity/README.md
View file

@ -17,7 +17,7 @@ files.
## Getting Started
### Prerequisites
Coverity can be run on any platform mentioned [here](https://sig-docs.synopsys.com/polaris/topics/c_coverity-compatible-platforms.html).
Coverity can be run on any platform mentioned [here](https://documentation.blackduck.com/bundle/coverity-docs/page/deploy-install-guide/topics/supported_platforms_for_coverity_analysis.html).
The following are the prerequisites to generate coverity report:
1. CMake version > 3.13.0 (You can check whether you have this by typing `cmake --version`).

12
include/FreeRTOS.h
View file

@ -3032,6 +3032,18 @@
#define configCONTROL_INFINITE_LOOP()
#endif
/* Set configENABLE_PAC and/or configENABLE_BTI to 1 to enable PAC and/or BTI
* support and 0 to disable them. These are currently used in ARMv8.1-M ports. */
#if ( portHAS_PACBTI_FEATURE == 1 )
#ifndef configENABLE_PAC
#define configENABLE_PAC 0
#endif
#ifndef configENABLE_BTI
#define configENABLE_BTI 0
#endif
#endif
/* Sometimes the FreeRTOSConfig.h settings only allow a task to be created using
* dynamically allocated RAM, in which case when any task is deleted it is known
* that both the task's stack and TCB need to be freed. Sometimes the

97
portable/ARMv8M/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -130,8 +132,9 @@
" \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

7
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

3
portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

122
portable/CMakeLists.txt
View file

@ -453,6 +453,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM33_NTZ/non_secure/portasm.s
IAR/ARM_CM33_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_TFM>:
IAR/ARM_CM33_NTZ/non_secure/port.c
IAR/ARM_CM33_NTZ/non_secure/portasm.s
IAR/ARM_CM33_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>:
IAR/ARM_CM35P/non_secure/port.c
IAR/ARM_CM35P/non_secure/portasm.s
@ -486,6 +492,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM55_NTZ/non_secure/portasm.s
IAR/ARM_CM55_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_TFM>:
IAR/ARM_CM55_NTZ/non_secure/port.c
IAR/ARM_CM55_NTZ/non_secure/portasm.s
IAR/ARM_CM55_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>:
IAR/ARM_CM85/non_secure/port.c
IAR/ARM_CM85/non_secure/portasm.s
@ -502,6 +514,12 @@ add_library(freertos_kernel_port OBJECT
IAR/ARM_CM85_NTZ/non_secure/portasm.s
IAR/ARM_CM85_NTZ/non_secure/mpu_wrappers_v2_asm.S>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_TFM>:
IAR/ARM_CM85_NTZ/non_secure/port.c
IAR/ARM_CM85_NTZ/non_secure/portasm.s
IAR/ARM_CM85_NTZ/non_secure/mpu_wrappers_v2_asm.S
ThirdParty/GCC/ARM_TFM/os_wrapper_freertos.c>
# ARMv7-R Ports for IAR EWARM
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>:
IAR/ARM_CRx_No_GIC/port.c
@ -755,13 +773,112 @@ if( FREERTOS_PORT MATCHES "GCC_ARM_CM(3|4)_MPU" OR
FREERTOS_PORT MATCHES "GCC_ARM_CM(23|33|55|85)_NONSECURE" OR
FREERTOS_PORT MATCHES "GCC_ARM_CM(33|55|85)_TFM" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NTZ_NONSECURE" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NONSECURE"
FREERTOS_PORT MATCHES "IAR_ARM_CM(23|33|55|85)_NONSECURE" OR
FREERTOS_PORT MATCHES "IAR_ARM_CM(33|55|85)_TFM"
)
target_sources(freertos_kernel_port PRIVATE
Common/mpu_wrappers.c
Common/mpu_wrappers_v2.c
)
endif()
if (DEFINED FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG )
if(${CMAKE_C_COMPILER_ID} STREQUAL "GNU")
message(FATAL_ERROR "ARMv8.1-M PACBTI support in the kernel is not yet enabled for GNU toolchain due to known issues.")
endif()
if(FREERTOS_PORT MATCHES ".*ARM_CM85")
if(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_STANDARD")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=standard>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=bti+pac-ret>>)
target_compile_definitions(freertos_config
INTERFACE
configENABLE_PAC=1
configENABLE_BTI=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=bti+pac-ret+leaf
)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
configENABLE_BTI=1
)
elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR")
message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI PACBTI option is not supported on IAR Compiler.")
endif()
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=pac-ret>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=pac-ret>>)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=pac-ret+leaf
)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=1
)
elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR")
message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF PACBTI option is not supported on IAR Compiler.")
endif()
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_BTI")
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},ARMClang>:-mbranch-protection=bti>)
target_compile_options(freertos_kernel_port PUBLIC $<$<STREQUAL:${CMAKE_C_COMPILER_ID},IAR>:$<$<COMPILE_LANGUAGE:C,CXX>:--branch_protection=bti>>)
target_compile_definitions(freertos_config
PUBLIC
configENABLE_BTI=1
)
elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE")
if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang")
target_compile_options(freertos_kernel_port
PUBLIC
-mbranch-protection=none
)
endif()
target_compile_definitions(freertos_config
PUBLIC
configENABLE_PAC=0
configENABLE_BTI=0
)
else()
message(FATAL_ERROR "Invalid FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG configuration, the supported configurations are
ARM_V_8_1_M_PACBTI_CONFIG_STANDARD,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET,
ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF,
ARM_V_8_1_M_PACBTI_CONFIG_BTI,
ARM_V_8_1_M_PACBTI_CONFIG_NONE
")
endif()
if(NOT FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE")
# The reason why `--library_security=pacbti-m` link option is defined for both `freertos_kernel_port`, and
# `freertos_kernel` targets even though `freertos_kernel_port` gets linked to `freertos_kernel` is that the
# `freertos_kernel_port` is an object library where its linker options don't propagate to the targets that
# link against it.
target_link_options(freertos_kernel_port
PUBLIC
--library_security=pacbti-m
)
target_link_options(freertos_kernel
PUBLIC
--library_security=pacbti-m
)
endif()
else()
message(FATAL_ERROR "FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG option is currently only supported on ARM Cortex-M85 FreeRTOS port.")
endif()
endif()
add_library(freertos_kernel_port_headers INTERFACE)
target_include_directories(freertos_kernel_port_headers INTERFACE
@ -956,6 +1073,7 @@ target_include_directories(freertos_kernel_port_headers INTERFACE
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM33_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM33_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM35P_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM35P/secure>
@ -965,10 +1083,12 @@ target_include_directories(freertos_kernel_port_headers INTERFACE
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM55_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM55_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_SECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85/secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_NTZ_NONSECURE>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85_NTZ/non_secure>
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CM85_TFM>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CM85_NTZ/non_secure>
# ARMv7-R Ports for IAR EWARM
$<$<STREQUAL:${FREERTOS_PORT},IAR_ARM_CRX_NOGIC>:${CMAKE_CURRENT_LIST_DIR}/IAR/ARM_CRx_No_GIC>

97
portable/GCC/ARM_CM23/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/GCC/ARM_CM23/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM23_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM33/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM33/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM33/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM33_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -130,8 +132,9 @@
" \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM35P/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM35P/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM35P/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM35P_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -130,8 +132,9 @@
" \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM55/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM55/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM55/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM55_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -130,8 +132,9 @@
" \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM85/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM85/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -134,8 +136,9 @@
" ldr r4, =xSecureContext \n"
" str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */
" msr psplim, r2 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM85/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/GCC/ARM_CM85_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -130,8 +132,9 @@
" \n"
" ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
" msr psplim, r1 \n" /* Set this task's PSPLIM value. */
" movs r1, #2 \n" /* r1 = 2. */
" msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */
" mrs r1, control \n" /* Obtain current control register value. */
" orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */
" msr control, r1 \n" /* Write back the new control register value. */
" adds r0, #32 \n" /* Discard everything up to r0. */
" msr psp, r0 \n" /* This is now the new top of stack to use in the task. */
" isb \n"

3
portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __attribute__( ( used ) )
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM23/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/IAR/ARM_CM23/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM23_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

3
portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M23"
#define portHAS_ARMV8M_MAIN_EXTENSION 0
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM33/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM33/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM33/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM33_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M33"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM35P/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM35P/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM35P/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM35P_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -51,6 +53,7 @@
#define portARCH_NAME "Cortex-M35P"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 0
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM55/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM55/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM55/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM55_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M55"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 0
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM85/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM85/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -179,8 +181,9 @@ vRestoreContextOfFirstTask:
ldr r4, =xSecureContext
str r1, [r4] /* Set xSecureContext to this task's value for the same. */
msr psplim, r2 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM85/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/

97
portable/IAR/ARM_CM85_NTZ/non_secure/port.c
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
#define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) )
#define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
#define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL )
#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL )
/*-----------------------------------------------------------*/
/**
@ -373,6 +376,20 @@ typedef void ( * portISR_t )( void );
* any secure calls.
*/
#define portNO_SECURE_CONTEXT 0
/**
* @brief Constants required to check and configure PACBTI security feature implementation.
*/
#if ( portHAS_PACBTI_FEATURE == 1 )
#define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
#define portCONTROL_UPAC_EN ( 1UL << 7UL )
#define portCONTROL_PAC_EN ( 1UL << 6UL )
#define portCONTROL_UBTI_EN ( 1UL << 5UL )
#define portCONTROL_BTI_EN ( 1UL << 4UL )
#endif /* portHAS_PACBTI_FEATURE */
/*-----------------------------------------------------------*/
/**
@ -410,6 +427,26 @@ static void prvTaskExitError( void );
static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
#endif /* configENABLE_FPU */
#if ( portHAS_PACBTI_FEATURE == 1 )
/**
* @brief Configures PACBTI features.
*
* This function configures the Pointer Authentication, and Branch Target
* Identification security features as per the user configuration. It returns
* the value of the special purpose CONTROL register accordingly, and optionally
* updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M
* architecture based) target supports PACBTI security feature.
*
* @param xWriteControlRegister Used to control whether the special purpose
* CONTROL register should be updated or not.
*
* @return CONTROL register value according to the configured PACBTI option.
*/
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister );
#endif /* portHAS_PACBTI_FEATURE */
/**
* @brief Setup the timer to generate the tick interrupts.
*
@ -1457,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */
{
uint32_t ulIndex = 0;
uint32_t ulControl = 0x0;
xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */
ulIndex++;
@ -1503,16 +1541,24 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */
ulIndex++;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Check PACBTI security feature configuration before pushing the
* CONTROL register's value on task's TCB. */
ulControl = prvConfigurePACBTI( pdFALSE );
}
#endif /* portHAS_PACBTI_FEATURE */
if( xRunPrivileged == pdTRUE )
{
xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG;
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_PRIVILEGED ); /* CONTROL. */
ulIndex++;
}
else
{
xMPUSettings->ulTaskFlags &= ( ~portTASK_IS_PRIVILEGED_FLAG );
xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED; /* CONTROL. */
xMPUSettings->ulContext[ ulIndex ] = ( ulControl | ( uint32_t ) portINITIAL_CONTROL_UNPRIVILEGED ); /* CONTROL. */
ulIndex++;
}
@ -1740,6 +1786,14 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
portNVIC_SHPR2_REG = 0;
#if ( portHAS_PACBTI_FEATURE == 1 )
{
/* Set the CONTROL register value based on PACBTI security feature
* configuration before starting the first task. */
( void) prvConfigurePACBTI( pdTRUE );
}
#endif /* portHAS_PACBTI_FEATURE */
#if ( configENABLE_MPU == 1 )
{
/* Setup the Memory Protection Unit (MPU). */
@ -2158,3 +2212,42 @@ BaseType_t xPortIsInsideInterrupt( void )
#endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
/*-----------------------------------------------------------*/
#if ( portHAS_PACBTI_FEATURE == 1 )
static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister )
{
uint32_t ulControl = 0x0;
/* Ensure that PACBTI is implemented. */
configASSERT( portID_ISAR5_REG != 0x0 );
/* Enable UsageFault exception if PAC or BTI is enabled. */
#if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) )
{
portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
}
#endif
#if( configENABLE_PAC == 1 )
{
ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN );
}
#endif
#if( configENABLE_BTI == 1 )
{
ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN );
}
#endif
if( xWriteControlRegister == pdTRUE )
{
__asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
}
return ulControl;
}
#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */
/*-----------------------------------------------------------*/

7
portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -165,8 +167,9 @@ vRestoreContextOfFirstTask:
ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */
msr psplim, r1 /* Set this task's PSPLIM value. */
movs r1, #2 /* r1 = 2. */
msr CONTROL, r1 /* Switch to use PSP in the thread mode. */
mrs r1, control /* Obtain current control register value. */
orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */
msr control, r1 /* Write back the new control register value. */
adds r0, #32 /* Discard everything up to r0. */
msr psp, r0 /* This is now the new top of stack to use in the task. */
isb

3
portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h
View file

@ -1,6 +1,8 @@
/*
* FreeRTOS Kernel <DEVELOPMENT BRANCH>
* Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Copyright 2024 Arm Limited and/or its affiliates
* <open-source-office@arm.com>
*
* SPDX-License-Identifier: MIT
*
@ -56,6 +58,7 @@
#define portARCH_NAME "Cortex-M85"
#define portHAS_ARMV8M_MAIN_EXTENSION 1
#define portARMV8M_MINOR_VERSION 1
#define portHAS_PACBTI_FEATURE 1
#define portDONT_DISCARD __root
/*-----------------------------------------------------------*/