[PATCH] arm64: explicitly disable pointer authentication instructions

Simon Glass sjg at chromium.org
Mon Aug 8 21:26:27 CEST 2022


On Mon, 8 Aug 2022 at 08:12, Rasmus Villemoes
<rasmus.villemoes at prevas.dk> wrote:
>
> The Yocto project builds their aarch64 cross-compiler with the
> configure knob --enable-standard-branch-protection, which means that
> their gcc behaves as if -mbranch-protection=standard is passed; the
> default (lacking that configure knob) is -mbranch-protection=none.
>
> This means that when building U-Boot using the Yocto toolchain, most
> functions end up containing paciasp/autiasp/bti instructions. However,
> since U-Boot is not an ordinary userspace application, there's no OS
> kernel which has set up the required authentication keys, so these
> instructions do nothing at all (even on arm64 hardware that does have
> the pointer authentication capability). They do however make the image
> larger.
>
> It is theoretically possible for U-Boot to make use of the pointer
> authentication protection - cf. the Linux kernel's
> CONFIG_ARM64_PTR_AUTH_KERNEL - but it is far from trivial, and it's
> hard to see just what threat model it would protect against in a
> bootloader context. Regardless, we certainly have none of the required
> infrastructure now, so explicitly pass -mbranch-protection=none to
> ensure those useless instructions do not get emitted.
>
> For a toolchain not configured with
> --enable-standard-branch-protection, this changes nothing. For the
> Yocto toolchain, this reduces the size of both SPL and U-Boot proper
> by about 3% for my imx8mp target.
>
> If you don't have a Yocto toolchain, the effect can easily be
> reproduced by applying this patch and changing =none to =standard.
>
> Signed-off-by: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
> ---
> Not sure who to cc, there's no overall arm64 maintainer listed in
> MAINTAINERS, but Tom is listed as generally handling arch/arm/.
>
>  arch/arm/cpu/armv8/config.mk | 1 +
>  1 file changed, 1 insertion(+)
>

Reviewed-by: Simon Glass <sjg at chromium.org>
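
One way to check whether a built arm64 image still contains the paciasp/autiasp/bti instructions discussed in the patch description, as an added example that is not part of the original thread or of U-Boot. The function names and the two byte strings are constructed for illustration; the instruction encodings are the architectural A64 HINT encodings.

```python
import struct
import sys
from collections import Counter

# PAC/BTI instructions emitted by -mbranch-protection=standard live in the
# A64 HINT space: encoding = 0xD503201F | (imm7 << 5).
HINT_BASE = 0xD503201F
HINTS = {25: "paciasp", 29: "autiasp", 32: "bti",
         34: "bti c", 36: "bti j", 38: "bti jc"}
ENCODINGS = {HINT_BASE | (imm << 5): name for imm, name in HINTS.items()}


def count_branch_protection(code: bytes) -> Counter:
    """Count PAC/BTI hint instructions in little-endian A64 code.

    Every aligned 32-bit word is checked, so data that happens to match is
    counted too; feed it only the .text bytes for exact numbers.
    """
    usable = len(code) - len(code) % 4   # ignore a trailing partial word
    counts = Counter()
    for (word,) in struct.iter_unpack("<I", code[:usable]):
        if word in ENCODINGS:
            counts[ENCODINGS[word]] += 1
    return counts


def assemble(*insns: int) -> bytes:
    """Pack instruction words as little-endian bytes (sample construction)."""
    return b"".join(struct.pack("<I", i) for i in insns)


# Constructed samples: one non-leaf and one leaf function, hand-encoded.
STP, LDP, RET = 0xA9BF7BFD, 0xA8C17BFD, 0xD65F03C0  # stp/ldp x29,x30; ret
SAMPLE_NONE = assemble(STP, LDP, RET, RET)
SAMPLE_STANDARD = assemble(0xD503233F, STP, LDP, 0xD50323BF, RET,  # paciasp .. autiasp
                           0xD503245F, RET)                         # bti c; ret

if __name__ == "__main__":
    if len(sys.argv) > 1:                # path to a raw image file to scan
        with open(sys.argv[1], "rb") as f:
            print(dict(count_branch_protection(f.read())))
    else:
        for label, blob in (("none", SAMPLE_NONE), ("standard", SAMPLE_STANDARD)):
            print(label, len(blob), "bytes", dict(count_branch_protection(blob)))
```

A count of zero on an image built with the patch applied confirms the flag took effect; the constructed samples only illustrate where the extra bytes come from and do not reproduce the 3% figure quoted above.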

