Commit 5ab74ff

wearyzennashif
authored and committed
doc: arm: cortex_m: Update PACBTI support
Update PACBTI support for architecture variants in the features table and add a new section introducing PACBTI support/limitations.

Signed-off-by: Sudan Landge <sudan.landge@arm.com>
1 parent c6d1932 commit 5ab74ff

1 file changed

+39
-0
lines changed

doc/hardware/arch/arm_cortex_m.rst

Lines changed: 39 additions & 0 deletions
@@ -57,6 +57,9 @@ Arm Cortex-M implementation variants.
5757
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
5858
| | Privileged Execute Never [#f3]_ | N | N | N | N | N | N | N | Y | Y |
5959
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
60+
| HW-assisted Control | | | | | | | | | | |
61+
| Flow integrity | PACBTI | N | N | N | N | N | N | N | N | Y |
62+
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
6063
| HW-assisted null-pointer | | | | | | | | | | |
6164
| dereference detection | | N | N | Y | Y | Y | Y | Y | Y | Y |
6265
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
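Review bot: The new PACBTI row puts an unqualified `Y` in the last column, yet the section added further down in this commit describes PACBTI as an optional extension that also needs compiler support, so the cell overstates what a reader can assume for that variant. Consider attaching a footnote to the feature name, the way the row above does with `Privileged Execute Never [#f3]_`, stating that the extension is optional and depends on the toolchain. Minor style point: the label `HW-assisted Control` / `Flow integrity` is capitalised differently from the neighbouring `HW-assisted null-pointer` / `dereference detection`.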
@@ -425,6 +428,42 @@ MPU stack guards
425428
detection mechanism; users may override this setting by manually enabling :kconfig:option:`CONFIG_MPU_STACK_GUARD`
426429
in these scenarios.
427430

431+
Pointer Authentication and Branch Target Identification (PACBTI)
432+
================================================================
433+
434+
The Armv8.1-M Pointer Authentication and Branch Target Identification (PACBTI) extension is an
435+
optional extension for the Armv8.1-M architecture profile and consists of the implementation of the
436+
following control-flow integrity approaches:
437+
* Return address signing and authentication (PAC-RET) as a mitigation for Return Oriented Programming (ROP) style attack.
438+
* BTI instruction placement (BTI) as a mitigation for Jump Oriented Programming (JOP) style attacks.
439+
440+
When hardware support is present (e.g., Cortex-M85) and compiler support is available, PACBTI can be
441+
enabled at build time in Zephyr by selecting one of the below configs:
442+
443+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_STANDARD`
444+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET`
445+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET_LEAF`
446+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_BTI`
447+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET_BTI`
448+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET_LEAF_BTI`
449+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_NONE`
450+
451+
The config options ensures that compiler flags enabling PACBTI instructions are added to the build,
452+
specifically:
453+
454+
- ``-mbranch-protection=`` for GCC toolchains.
455+
456+
**Limitations:**
457+
458+
- Only builds targeting Armv8.1-M Mainline processors with PACBTI hardware support (e.g.,
459+
Cortex-M85) are able to fully use this feature.
460+
- Zephyr’s integrated SDK currently includes GCC 12.2 which does not support PACBTI so external GCC
461+
toolchains (14.2 or later) must be used for PACBTI support.
462+
Refer [this](https://docs.zephyrproject.org/latest/develop/toolchains/index.html) on how to set up
463+
toolchains.
464+
465+
For more information about PACBTI, refer to the official [Arm documentation](https://developer.arm.com/documentation/109576/latest/).
466+
428467
.. _arm_cortex_m_mpu_considerations:
429468

430469
Memory map and MPU considerations
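Review bot: The two links at the end of the new section use Markdown syntax, `Refer [this](https://docs.zephyrproject.org/latest/develop/toolchains/index.html)` and `[Arm documentation](https://developer.arm.com/documentation/109576/latest/)`, which will not render as hyperlinks in this .rst file. Use the reST external-link form for the Arm document, and for the toolchain page prefer a cross-reference inside the docs over a hard-coded `latest` URL so that versioned builds point at their own copy. The sentence "PACBTI can be enabled at build time in Zephyr by selecting one of the below configs" is followed by a list that includes `CONFIG_ARMV8_1_M_PACBTI_NONE`, which by its name does not enable anything; either move it out of the list or add one line per option saying what protection it selects. The `-mbranch-protection=` bullet is shown without a value, so a reader cannot tell which setting each of the seven options passes to the compiler. Smaller points: "The config options ensures" should read "ensure", "ROP style attack" should be plural to match the BTI bullet, and the section mixes `*` and `-` list markers.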
