Browse Source

Tegra: enable stack protection

This patch sets ENABLE_STACK_PROTECTOR=strong and implements
the platform support to generate a stack protection canary value.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ia8afe464b5645917b1c77d49305d19c7cd01866a
Varun Wadekar 4 years ago
parent
commit
359acf7746

+ 5 - 0
plat/nvidia/tegra/common/tegra_common.mk

@@ -1,5 +1,6 @@
 #
 # Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -32,3 +33,7 @@ BL31_SOURCES		+=	drivers/delay_timer/delay_timer.c		\
 				${COMMON_DIR}/tegra_platform.c			\
 				${COMMON_DIR}/tegra_pm.c			\
 				${COMMON_DIR}/tegra_sip_calls.c
+
+ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+BL31_SOURCES		+=	${COMMON_DIR}/tegra_stack_protector.c
+endif

+ 28 - 0
plat/nvidia/tegra/common/tegra_stack_protector.c

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <arch_helpers.h>
+#include <lib/mmio.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+
+u_register_t plat_get_stack_protector_canary(void)
+{
+	u_register_t seed;
+
+	/*
+	 * Ideally, a random number should be returned instead. As the
+	 * platform does not have any random number generator, this is
+	 * better than nothing, but not really secure.
+	 */
+	seed = mmio_read_32(TEGRA_MISC_BASE + HARDWARE_REVISION_OFFSET);
+	seed <<= 32;
+	seed |= mmio_read_32(TEGRA_TMRUS_BASE);
+
+	return seed ^ read_cntpct_el0();
+}

+ 3 - 0
plat/nvidia/tegra/platform.mk

@@ -49,6 +49,9 @@ ENABLE_TEGRA_WDT_LEGACY_FIQ_HANDLING	?= 0
 # Flag to allow relocation of BL32 image to TZDRAM during boot
 RELOCATE_BL32_IMAGE		?= 0
 
+# Enable stack protection
+ENABLE_STACK_PROTECTOR		:=	strong
+
 include plat/nvidia/tegra/common/tegra_common.mk
 include ${SOC_DIR}/platform_${TARGET_SOC}.mk