trusty: lk: Set WXN

Set SCTLR.WXN so that writable pages are non-executable (NX), independent of PTEs. Bug: 328206729 Test: Build and run build tests. Change-Id: I75b972393be90ba837bb094ccd518235b9dc6547
author: Mike McTernan <mikemcternan@google.com> 2024-03-07 11:41:28 +0000
committer: Mike McTernan <mikemcternan@google.com> 2024-03-11 17:01:50 +0000
commit: 874a3a5a0aca54c632bda39af0ffa13624fabda8 (patch)
tree: f60323fbc65781d4a4268c6e254f9e61a26227ab
parent: d3d90dd086e4defaeb6f9bf9d99531aa03e7a7d8 (diff)
download: common-874a3a5a0aca54c632bda39af0ffa13624fabda8.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/arch/arm64/start.S b/arch/arm64/start.S
index f7933e50..eae71e97 100644
--- a/arch/arm64/start.S
+++ b/arch/arm64/start.S
@@ -333,8 +333,15 @@ _start:
     msr     tcr_el1, tmp
     isb
 
-    /* Invalidate TLB */
+    /* Enable Write implies XN (Execute-Never), EL0/1 */
+    mrs     tmp, sctlr_el1
+    orr     tmp, tmp, #(1<<19)
+    msr     sctlr_el1, tmp
+    isb
+
+    /* Invalidate TLB and sync (needed for at least WXN) */
     tlbi    vmalle1
+    dsb     sy
     isb
 
     /* We're no longer using the tagged identity map at this point, so
author	Mike McTernan <mikemcternan@google.com>	2024-03-07 11:41:28 +0000
committer	Mike McTernan <mikemcternan@google.com>	2024-03-11 17:01:50 +0000
commit	874a3a5a0aca54c632bda39af0ffa13624fabda8 (patch)
tree	f60323fbc65781d4a4268c6e254f9e61a26227ab
parent	d3d90dd086e4defaeb6f9bf9d99531aa03e7a7d8 (diff)
download	common-874a3a5a0aca54c632bda39af0ffa13624fabda8.tar.gz