Hi Kalyani,

When both TF-A and TFTF are compiled with any enabled PAuth option, Secure and Normal worlds use different authentication keys, which would have caused an exception/data abort in case key management had programming errors.
There is no specific test to check the "leaf" option, but I would expect that TF-A and TFTF have leaf functions which are called during the boot stage and the execution of the test suite, successful completion of which indicates correct PAuth support (provided that the compiler generates proper instructions for the "leaf" option).

Regards.

Alexei.
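
[Added example, not part of the original thread and not TF-A or TFTF code] The reply above depends on the compiler actually emitting signing instructions in leaf functions. One way to check that on a built image is to scan `objdump -d` output for functions that make no calls and carry no PAC sign/authenticate pair. The sample disassembly and the function names in it are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `objdump -d` for AArch64.
# It is not taken from a TF-A or TFTF build.
SAMPLE_DISASM = """\
0000000000000000 <leaf_unsigned>:
   0:\t0b010000 \tadd\tw0, w0, w1
   4:\td65f03c0 \tret

0000000000000008 <leaf_signed>:
   8:\td503233f \tpaciasp
   c:\t0b010000 \tadd\tw0, w0, w1
  10:\td50323bf \tautiasp
  14:\td65f03c0 \tret

0000000000000018 <caller>:
  18:\td503233f \tpaciasp
  1c:\ta9bf7bfd \tstp\tx29, x30, [sp, #-16]!
  20:\t97fffffa \tbl\t8 <leaf_signed>
  24:\ta8c17bfd \tldp\tx29, x30, [sp], #16
  28:\td65f0bff \tretaa
"""

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+[0-9a-f]{8}\s+(\S+)")
SIGN = {"paciasp", "pacibsp"}                     # A-key / B-key signing
AUTH = {"autiasp", "autibsp", "retaa", "retab"}   # matching authentication

def audit(disasm):
    """Return {function: {'leaf': bool, 'signed': bool}} for each symbol."""
    funcs, name = {}, None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            name = m.group(1)
            funcs[name] = []
        elif name and (m := INSN_RE.match(line)):
            funcs[name].append(m.group(1))
    report = {}
    for name, insns in funcs.items():
        seen = set(insns)
        # Heuristic: a leaf has no bl/blr* call (tail calls via `b` not tracked).
        leaf = not any(i == "bl" or i.startswith("blr") for i in insns)
        report[name] = {"leaf": leaf, "signed": bool(SIGN & seen and AUTH & seen)}
    return report

def unsigned_leaves(disasm):
    """Leaf functions with no sign/authenticate pair."""
    return sorted(n for n, r in audit(disasm).items() if r["leaf"] and not r["signed"])

if __name__ == "__main__":
    print(unsigned_leaves(SAMPLE_DISASM))
```

Hand-written assembly routines are not affected by the compiler option and will be listed as unsigned, so the result needs filtering to compiled C functions.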


From: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
Sent: 28 September 2020 19:28
To: Alexei Fedorov <Alexei.Fedorov@arm.com>; tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Cc: Varun Wadekar <vwadekar@nvidia.com>
Subject: RE: [TF-A] Tests to verify BP_OPTION
 

Hi Alexei,

Does that mean test_pauth.c also tests BP_OPTION=pac-ret+leaf?

But test_pauth.c does not seem to talk about the return address being signed (or) the extension of it to leaf functions.

Am I missing something?

 

For reference -

The TFTF PAUTH test result looks like below; not sure which of these covers “pac-ret+leaf” -

 

 Executing 'Access Pointer Authentication Registers'
TEST COMPLETE Passed
> Executing 'Use Pointer Authentication Instructions'
TEST COMPLETE Passed
> Executing 'Check for Pointer Authentication key leakage from EL3'
TEST COMPLETE Passed
> Executing 'Check for Pointer Authentication key leakage from TSP'
TEST COMPLETE Skipped
No Trusted OS detected

 

From the GCC document:

-mbranch-protection=none|standard|pac-ret[+leaf+b-key]|bti

Select the branch protection features to use. ‘none’ is the default and turns off all types of branch protection. ‘standard’ turns on all types of branch protection features. If a feature has additional tuning options, then ‘standard’ sets it to its standard level. ‘pac-ret[+leaf]’ turns on return address signing to its standard level: signing functions that save the return address to memory (non-leaf functions will practically always do this) using the a-key. The optional argument ‘leaf’ can be used to extend the signing to include leaf functions. The optional argument ‘b-key’ can be used to sign the functions with the B-key instead of the A-key. ‘bti’ turns on branch target identification mechanism.

 

Thanks,

Kalyani

 

 

 

From: Alexei Fedorov <Alexei.Fedorov@arm.com>
Sent: Monday, September 28, 2020 4:14 AM
To: tf-a@lists.trustedfirmware.org; Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
Subject: Re: [TF-A] Tests to verify BP_OPTION

 


 

Hi,

 

tf-a-tests\tftf\tests\extensions\pauth\test_pauth.c will test

 

fvp-pauth-pac-ret-leaf-sdei,fvp-pauth-standard:fvp-tftf-fip.tftf-aemv8a.8_5-debug

fvp-pauth-pac-ret-leaf-tsp-sdei,fvp-pauth-standard:fvp-tftf-fip.tftf-aemv8a.8_5-debug

 

CI configurations.

 

Alexei

 

 



From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Kalyani Chidambaram Vaidyanathan via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 23 September 2020 18:25
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Tests to verify BP_OPTION

 

Hi,

Is there any test to verify the BP_OPTION feature set to “pac-ret+leaf”?

 

When BRANCH_PROTECTION is set to “3”, BP_OPTION is set to “pac-ret+leaf”.

Reference code - https://github.com/ARM-software/arm-trusted-firmware/blob/master/Makefile

 

Thanks,

Kalyani