armv8.1-m: Add PACBTI support to kernel NTZ implementation

In this commit, Pointer Authentication, and Branch Target
Identification Extension (PACBTI) support is added for
Non-TrustZone variant of Cortex-M85 FreeRTOS-Kernel Port.

The PACBTI support is added for Arm Compiler For
Embedded, and IAR toolchains only. The support in
the kernel is not yet enabled for GNU toolchain
due to known issues.

Signed-off-by: Ahmed Ismail <[email protected]>

Author: Ahmed Ismail

portable/ARMv8M/non_secure/port.c

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void );
 #define portSCB_VTOR_REG                      ( *( ( portISR_t ** ) 0xe000ed08 ) )
 #define portSCB_SYS_HANDLER_CTRL_STATE_REG    ( *( ( volatile uint32_t * ) 0xe000ed24 ) )
 #define portSCB_MEM_FAULT_ENABLE_BIT          ( 1UL << 16UL )
+#define portSCB_USG_FAULT_ENABLE_BIT          ( 1UL << 18UL )
 /*-----------------------------------------------------------*/
 
 /**
@@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void );
  * any secure calls.
  */
 #define portNO_SECURE_CONTEXT    0
+
+/**
+ * @brief Constant required to check PACBTI security feature implementation.
+ */
+#if (portPROCESSOR_VARIANT == 85)
+    #define portID_ISAR5_REG         ( *( ( volatile uint32_t * ) 0xe000ed74 ) )
+#endif /* portPROCESSOR_VARIANT == 85 */
 /*-----------------------------------------------------------*/
 
 /**
@@ -410,6 +420,16 @@ static void prvTaskExitError( void );
     static void prvSetupFPU( void ) PRIVILEGED_FUNCTION;
 #endif /* configENABLE_FPU */
 
+#if (portPROCESSOR_VARIANT == 85)
+
+/**
+ * @brief Enable/Disable pointer authentication, and/or branch target identification
+ * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable.
+ * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature.
+ */
+    static void prvConfigurePacBti ( void );
+#endif /* portPROCESSOR_VARIANT == 85 */
+
 /**
  * @brief Setup the timer to generate the tick interrupts.
  *
@@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */
     portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI;
     portNVIC_SHPR2_REG = 0;
 
+    #if (portPROCESSOR_VARIANT == 85)
+    {
+        /* Check and configure PACBTI security feature before starting the first task. */
+        prvConfigurePacBti();
+    }
+    #endif /* portPROCESSOR_VARIANT == 85 */
+
     #if ( configENABLE_MPU == 1 )
     {
         /* Setup the Memory Protection Unit (MPU). */
@@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void )
 
 #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */
 /*-----------------------------------------------------------*/
+
+#if (portPROCESSOR_VARIANT == 85)
+    static void prvConfigurePacBti ( void )
+    {
+        #if defined ( portARM_V_8_1_M_PACBTI_CONFIG )
+            uint32_t ulIdIsar5 = portID_ISAR5_REG;
+            configASSERT(ulIdIsar5 != 0x0);
+
+            /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */
+            #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE )
+                portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT;
+            #endif
+
+            uint32_t ulControl;
+            #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \
+            ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) )
+                /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */
+                ulControl = 0xF0;
+                __asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
+            #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \
+            ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) )
+                /* Set UPAC_EN, and PAC_EN control bits */
+                ulControl = 0xC0;
+                __asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
+            #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI )
+                /* Set UBTI_EN, and BTI_EN control bits */
+                ulControl = 0x30;
+                __asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
+            #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE )
+                /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */
+                ulControl = 0x00;
+                __asm volatile ( "msr control, %0" : : "r" ( ulControl ) );
+            #else
+                #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen"
+            #endif
+        #endif
+    }
+#endif /* portPROCESSOR_VARIANT == 85 */
+/*-----------------------------------------------------------*/

portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            23
 #define portARCH_NAME                    "Cortex-M23"
 #define portHAS_ARMV8M_MAIN_EXTENSION    0
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            23
 #define portARCH_NAME                    "Cortex-M23"
 #define portHAS_ARMV8M_MAIN_EXTENSION    0
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            33
 #define portARCH_NAME                    "Cortex-M33"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            33
 #define portARCH_NAME                    "Cortex-M33"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            35
 #define portARCH_NAME                    "Cortex-M35P"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -53,6 +55,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            55
 #define portARCH_NAME                    "Cortex-M55"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         1

portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -53,6 +55,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            85
 #define portARCH_NAME                    "Cortex-M85"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         1

portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            23
 #define portARCH_NAME                    "Cortex-M23"
 #define portHAS_ARMV8M_MAIN_EXTENSION    0
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            23
 #define portARCH_NAME                    "Cortex-M23"
 #define portHAS_ARMV8M_MAIN_EXTENSION    0
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            33
 #define portARCH_NAME                    "Cortex-M33"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            33
 #define portARCH_NAME                    "Cortex-M33"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -48,6 +50,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            35
 #define portARCH_NAME                    "Cortex-M35P"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         0

portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -53,6 +55,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            55
 #define portARCH_NAME                    "Cortex-M55"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         1

portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -53,6 +55,7 @@
 /**
  * Architecture specifics.
  */
+#define portPROCESSOR_VARIANT            85
 #define portARCH_NAME                    "Cortex-M85"
 #define portHAS_ARMV8M_MAIN_EXTENSION    1
 #define portARMV8M_MINOR_VERSION         1

portable/ARMv8M/non_secure/portmacrocommon.h

@@ -1,6 +1,8 @@
 /*
  * FreeRTOS Kernel <DEVELOPMENT BRANCH>
  * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * Copyright 2024 Arm Limited and/or its affiliates
+ * <[email protected]>
  *
  * SPDX-License-Identifier: MIT
  *
@@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P
 #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */
 /*-----------------------------------------------------------*/
 
+#if (portPROCESSOR_VARIANT == 85)
+
+    /**
+     * @brief PACBTI Security Feature Disabled
+     */
+    #define portARM_V_8_1_M_PACBTI_CONFIG_NONE                0
+
+    /**
+     * @brief PACBTI Security Feature Standard Configuration
+     * (PAC enabled without leaf functions support, and BTI enabled ).
+     */
+    #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD            1
+
+    /**
+     * @brief PACBTI Security Feature with only PAC enabled.
+     */
+    #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET              2
+
+    /**
+     * @brief PACBTI Security Feature with PAC
+     * and PAC for leaf functions support enabled.
+     */
+    #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF         3
+
+    /**
+     * @brief PACBTI Security Feature Standard + Leaf Configuration
+     * (PAC enabled with leaf functions support, and BTI enabled).
+     */
+    #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI     4
+
+    /**
+     * @brief PACBTI Security Feature with only BTI enabled.
+     */
+    #define portARM_V_8_1_M_PACBTI_CONFIG_BTI                 5
+
+#endif /* portPROCESSOR_VARIANT == 85 */
+/*-----------------------------------------------------------*/
+
 /* *INDENT-OFF* */
 #ifdef __cplusplus
     }