arm64: enable pointer authentication

Now that all the necessary bits are in place for userspace, add the
necessary Kconfig logic to allow this to be enabled.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 0b3aa2a894a7db7c1298a8eaab5d161016d9004b..2a67abeca04131d937c55b88475f71a7bcbc70c0 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1260,6 +1260,29 @@ config ARM64_CNP
 
 endmenu
 
+menu "ARMv8.3 architectural features"
+
+config ARM64_PTR_AUTH
+       bool "Enable support for pointer authentication"
+       default y
+       help
+         Pointer authentication (part of the ARMv8.3 Extensions) provides
+         instructions for signing and authenticating pointers against secret
+         keys, which can be used to mitigate Return Oriented Programming (ROP)
+         and other attacks.
+
+         This option enables these instructions at EL0 (i.e. for userspace).
+
+         Choosing this option will cause the kernel to initialise secret keys
+         for each process at exec() time, with these keys being
+         context-switched along with the process.
+
+         The feature is detected at runtime. If the feature is not present in
+         hardware it will not be advertised to userspace nor will it be
+         enabled.
+
+endmenu
+
 config ARM64_SVE
        bool "ARM Scalable Vector Extension support"
        default y