Hi Alexei, Does that mean test_pauth.c also test the BP_OPTION=pac-ret+leaf ? But the test_pauth.c does not seem talk about the return address being signed (or) the extension of it to leaf functions. Am I missing something?
For reference - The TFTF PAUTH test result looks like below, not sure which of this covers the "pac-ret+leaf" -
Executing 'Access Pointer Authentication Registers' TEST COMPLETE Passed
Executing 'Use Pointer Authentication Instructions'
TEST COMPLETE Passed
Executing 'Check for Pointer Authentication key leakage from EL3'
TEST COMPLETE Passed
Executing 'Check for Pointer Authentication key leakage from TSP'
TEST COMPLETE Skipped No Trusted OS detected
From GCC document
-mbranch-protection=none|standard|pac-ret[+leaf+b-key]|bti Select the branch protection features to use. 'none' is the default and turns off all types of branch protection. 'standard' turns on all types of branch protection features. If a feature has additional tuning options, then 'standard' sets it to its standard level. 'pac-ret[+leaf]' turns on return address signing to its standard level: signing functions that save the return address to memory (non-leaf functions will practically always do this) using the a-key. The optional argument 'leaf' can be used to extend the signing to include leaf functions. The optional argument 'b-key' can be used to sign the functions with the B-key instead of the A-key. 'bti' turns on branch target identification mechanism.
Thanks, Kalyani
From: Alexei Fedorov Alexei.Fedorov@arm.com Sent: Monday, September 28, 2020 4:14 AM To: tf-a@lists.trustedfirmware.org; Kalyani Chidambaram Vaidyanathan kalyanic@nvidia.com Subject: Re: [TF-A] Tests to verify BP_OPTION
External email: Use caution opening links or attachments
Hi,
tf-a-tests\tftf\tests\extensions\pauth\test_pauth.c will test
fvp-pauth-pac-ret-leaf-sdei,fvp-pauth-standard:fvp-tftf-fip.tftf-aemv8a.8_5-debug fvp-pauth-pac-ret-leaf-tsp-sdei,fvp-pauth-standard:fvp-tftf-fip.tftf-aemv8a.8_5-debug
CI configurations.
Alexei
Alexei
________________________________ From: TF-A <tf-a-bounces@lists.trustedfirmware.orgmailto:tf-a-bounces@lists.trustedfirmware.org> on behalf of Kalyani Chidambaram Vaidyanathan via TF-A <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> Sent: 23 September 2020 18:25 To: tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> Subject: [TF-A] Tests to verify BP_OPTION
Hi,
Is there any test to verify the BP_OPTION feature set to "pac-ret+leaf" ?
When BRANCH_PROTECTION is set to "3", BP_OPTION is set to "pac-ret+leaf".
Reference code - https://github.com/ARM-software/arm-trusted-firmware/blob/master/Makefile
Thanks,
Kalyani