The Yocto project builds their aarch64 cross-compiler with the
configure knob --enable-standard-branch-protection, which means that
their gcc behaves as if -mbranch-protection=standard is passed; the
default (lacking that configure knob) is -mbranch-protection=none.
This means that when building U-Boot using the Yocto toolchain, most
functions end up containing paciasp/autiasp/bti instructions. However,
since U-Boot is not an ordinary userspace application, there's no OS
kernel which has set up the required authentication keys, so these
instructions do nothing at all (even on arm64 hardware that does have
the pointer authentication capability). They do however make the image
larger.
It is theoretically possible for U-Boot to make use of the pointer
authentication protection - cf. the linux kernel's
CONFIG_ARM64_PTR_AUTH_KERNEL - but it is far from trivial, and it's
hard to see just what threat model it would protect against in a
bootloader context. Regardless, we certainly have none of the required
infrastructure now, so explicitly pass -mbranch-protection=none to
ensure those useless instructions do not get emitted.
For a toolchain not configured with
--enable-standard-branch-protection, this changes nothing. For the
Yocto toolchain, this reduces the size of both SPL and U-Boot proper
by about 3% for my imx8mp target.
If you don't have a Yocto toolchain, the effect can easily be
reproduced by applying this patch and changing =none to =standard.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
# (C) Copyright 2002
# Gary Jennejohn, DENX Software Engineering, <garyj@denx.de>
PLATFORM_RELFLAGS += -fno-common -ffixed-x18
+PLATFORM_RELFLAGS += $(call cc-option,-mbranch-protection=none)
PF_NO_UNALIGNED := $(call cc-option, -mstrict-align)
PLATFORM_CPPFLAGS += $(PF_NO_UNALIGNED)