The following build options are supported:
+- ``ENABLE_STACK_PROTECTOR``: Disabled by default. It uses the hardware RNG of
+ the board.
+
- ``PRELOADED_BL33_BASE``: Specially useful because the file ``kernel8.img`` can
be loaded anywhere by modifying the file ``config.txt``. It doesn't have to
contain a kernel, it could have any arbitrary payload.
# Disable the PSCI platform compatibility layer by default
ENABLE_PLAT_COMPAT := 0
+# Disable stack protector by default
+ENABLE_STACK_PROTECTOR := 0
+
# Reset to BL31 isn't supported
RESET_TO_BL31 := 0
$(error Error: AArch32 not supported on rpi3)
endif
+ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+PLAT_BL_COMMON_SOURCES += plat/rpi3/rpi3_rng.c \
+ plat/rpi3/rpi3_stack_protector.c
+endif
+
ifeq (${SPD},opteed)
BL2_SOURCES += \
lib/optee/optee_utils.c
--- /dev/null
+/*
+ * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <sys/types.h>
+#include <utils.h>
+
+#include "rpi3_private.h"
+
+/* Get 128 bits of entropy and fuse the values together to form the canary. */
+#define TRNG_NBYTES 16U
+
+u_register_t plat_get_stack_protector_canary(void)
+{
+ size_t i;
+ u_register_t buf[TRNG_NBYTES / sizeof(u_register_t)];
+ u_register_t ret = 0U;
+
+ rpi3_rng_read(buf, sizeof(buf));
+
+ for (i = 0U; i < ARRAY_SIZE(buf); i++)
+ ret ^= buf[i];
+
+ return ret;
+}
projects / project / bcm63xx / atf.git / commitdiff