Hi Kalyani,
When both TF-A and TFTF are compiled with any enabled PAuth option, Secure and Normal worlds use different authentication keys, which would have caused an exception/data abort in case key management had programming errors. There is no specific test to check the "leaf" option, but I would expect that TF-A and TFTF have leaf functions which are called during the boot stage and the execution of the test suite, successful completion of which indicates correct PAuth support (provided that the compiler generates proper instructions for the "leaf" option).
Regards.
Alexei.
________________________________
From: Kalyani Chidambaram Vaidyanathan kalyanic@nvidia.com
Sent: 28 September 2020 19:28
To: Alexei Fedorov Alexei.Fedorov@arm.com; tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org
Cc: Varun Wadekar vwadekar@nvidia.com
Subject: RE: [TF-A] Tests to verify BP_OPTION
Hi Alexei,
Does that mean test_pauth.c also tests the BP_OPTION=pac-ret+leaf?
But the test_pauth.c does not seem to talk about the return address being signed (or) the extension of it to leaf functions.
Am I missing something?
For reference -
The TFTF PAUTH test result looks like below, not sure which of these covers the “pac-ret+leaf” -
Executing 'Access Pointer Authentication Registers'
TEST COMPLETE Passed
Executing 'Use Pointer Authentication Instructions'
TEST COMPLETE Passed
Executing 'Check for Pointer Authentication key leakage from EL3'
TEST COMPLETE Passed
Executing 'Check for Pointer Authentication key leakage from TSP'
TEST COMPLETE Skipped No Trusted OS detected
From GCC document
-mbranch-protection=none|standard|pac-ret[+leaf+b-key]|bti
Select the branch protection features to use. ‘none’ is the default and turns off all types of branch protection. ‘standard’ turns on all types of branch protection features. If a feature has additional tuning options, then ‘standard’ sets it to its standard level. ‘pac-ret[+leaf]’ turns on return address signing to its standard level: signing functions that save the return address to memory (non-leaf functions will practically always do this) using the a-key. The optional argument ‘leaf’ can be used to extend the signing to include leaf functions. The optional argument ‘b-key’ can be used to sign the functions with the B-key instead of the A-key. ‘bti’ turns on branch target identification mechanism.
Thanks,
Kalyani
From: Alexei Fedorov Alexei.Fedorov@arm.com
Sent: Monday, September 28, 2020 4:14 AM
To: tf-a@lists.trustedfirmware.org; Kalyani Chidambaram Vaidyanathan kalyanic@nvidia.com
Subject: Re: [TF-A] Tests to verify BP_OPTION
Hi,
tf-a-tests\tftf\tests\extensions\pauth\test_pauth.c will test
fvp-pauth-pac-ret-leaf-sdei,fvp-pauth-standard:fvp-tftf-fip.tftf-aemv8a.8_5-debug
fvp-pauth-pac-ret-leaf-tsp-sdei,fvp-pauth-standard:fvp-tftf-fip.tftf-aemv8a.8_5-debug
CI configurations.
Alexei
________________________________
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Kalyani Chidambaram Vaidyanathan via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 23 September 2020 18:25
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Tests to verify BP_OPTION
Hi,
Is there any test to verify the BP_OPTION feature set to “pac-ret+leaf”?
When BRANCH_PROTECTION is set to “3”, BP_OPTION is set to “pac-ret+leaf”.
Reference code - https://github.com/ARM-software/arm-trusted-firmware/blob/master/Makefile
Thanks,
Kalyani
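
The thread leaves open how to confirm that the compiler really emitted return-address signing in leaf functions. As an added example (not from TF-A, TFTF, or either poster), this Python sketch scans `objdump -d` text for functions that return without PACIASP/PACIBSP signing and a matching authentication; the sample disassembly and its function names are constructed.

```python
import re

# Constructed excerpt in `objdump -d` layout (not taken from a TF-A build).
SAMPLE = """\
0000000000000000 <leaf_signed>:
   0: d503233f  paciasp
   4: 0b010000  add w0, w0, w1
   8: d50323bf  autiasp
   c: d65f03c0  ret

0000000000000010 <leaf_unsigned>:
  10: 0b010000  add w0, w0, w1
  14: d65f03c0  ret

0000000000000018 <leaf_hint_form>:
  18: d503233f  hint #0x19
  1c: 0b010000  add w0, w0, w1
  20: d50323bf  hint #0x1d
  24: d65f03c0  ret
"""

# PACIASP/PACIBSP and AUTIASP/AUTIBSP live in the HINT space, so a disassembler
# without PAuth enabled prints them as hint #25/#27 and hint #29/#31.
SIGN = {"paciasp", "pacibsp", "hint #0x19", "hint #0x1b"}
AUTH = {"autiasp", "autibsp", "hint #0x1d", "hint #0x1f"}
AUTH_RET = {"retaa", "retab"}  # combined authenticate-and-return
SYM = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN = re.compile(r"^\s*[0-9a-f]+:\s+[0-9a-f]{8}\s+(\S+)(?:\s+(\S+))?")

def unsigned_functions(disasm):
    """Return names of functions that return without signing the return address."""
    funcs, name = {}, None
    for line in disasm.splitlines():
        if m := SYM.match(line):
            name = m.group(1)
            funcs[name] = []
        elif name and (m := INSN.match(line)):
            op, arg = m.group(1), m.group(2) or ""
            funcs[name].append(f"{op} {arg}" if op == "hint" else op)
    bad = []
    for name, ops in funcs.items():
        has_return = any(op == "ret" or op in AUTH_RET for op in ops)
        signed = any(op in SIGN for op in ops)
        # A plain `ret` needs a separate authenticate; retaa/retab carry their own.
        authed = "ret" not in ops or any(op in AUTH for op in ops)
        if has_return and not (signed and authed):
            bad.append(name)
    return bad

if __name__ == "__main__":
    print(unsigned_functions(SAMPLE))
```

Hand-written assembly routines are not instrumented by the compiler, so on a real image they will appear in the list alongside any C leaf functions that were built without the option.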