Commit 73b309f

doc: arm: cortex_m: Update PACBTI support
Update PACBTI support for architecture variants in the features table and add a new section introducing PACBTI support/limitations.

Signed-off-by: Sudan Landge <[email protected]>
1 parent aeaefd6 commit 73b309f

1 file changed

+40
-0
lines changed

doc/hardware/arch/arm_cortex_m.rst

+40
@@ -57,6 +57,9 @@ Arm Cortex-M implementation variants.
5757
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
5858
| | Privileged Execute Never [#f3]_ | N | N | N | N | N | N | N | Y | Y |
5959
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
60+
| HW-assisted Control | | | | | | | | | | |
61+
| Flow integrity | PACBTI | N | N | N | N | N | N | N | N | Y |
62+
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
6063
| HW-assisted null-pointer | | | | | | | | | | |
6164
| dereference detection | | N | N | Y | Y | Y | Y | Y | Y | Y |
6265
+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
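
Review bot: The new PACBTI row marks the last column with an unconditional Y, while the section added later in this commit describes PACBTI as an optional extension that needs hardware support (e.g., Cortex-M85). Consider attaching a footnote to the PACBTI cell, the same way the Privileged Execute Never row carries [#f3]_, stating that the feature depends on the implementation. The row label also mixes capitalization ("HW-assisted Control Flow integrity"), whereas the neighbouring row uses sentence case ("HW-assisted null-pointer dereference detection").
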
@@ -425,6 +428,43 @@ MPU stack guards
425428
detection mechanism; users may override this setting by manually enabling :kconfig:option:`CONFIG_MPU_STACK_GUARD`
426429
in these scenarios.
427430

431+
Pointer Authentication and Branch Target Identification (PACBTI)
432+
================================================================
433+
434+
The Armv8.1-M Pointer Authentication and Branch Target Identification (PACBTI) extension is an
435+
optional extension for the Armv8.1-M architecture profile and consists of the implementation of the
436+
following control-flow integrity approaches:
437+
* Return address signing and authentication (PAC-RET) as a mitigation for Return Oriented
438+
Programming (ROP) style attack.
439+
* BTI instruction placement (BTI) as a mitigation for Jump Oriented Programming (JOP) style attacks.
440+
441+
When hardware support is present (e.g., Cortex-M85) and compiler support is available, PACBTI can be
442+
enabled at build time in Zephyr by selecting one of the below configs:
443+
444+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_STANDARD`
445+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET`
446+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET_LEAF`
447+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_BTI`
448+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET_BTI`
449+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_PACRET_LEAF_BTI`
450+
- :kconfig:option:`CONFIG_ARMV8_1_M_PACBTI_NONE`
451+
452+
The config options ensures that compiler flags enabling PACBTI instructions are added to the build,
453+
specifically:
454+
455+
- ``-mbranch-protection=`` for GCC toolchains.
456+
457+
**Limitations:**
458+
459+
- Only builds targeting Armv8.1-M Mainline processors with PACBTI hardware support (e.g.,
460+
Cortex-M85) are able to fully use this feature.
461+
- Zephyr’s integrated SDK currently includes GCC 12.2 which does not support PACBTI so external GCC
462+
toolchains (14.2 or later) must be used for PACBTI support.
463+
Refer [this](https://docs.zephyrproject.org/latest/develop/toolchains/index.html) on how to set up
464+
toolchains.
465+
466+
For more information about PACBTI, refer to the official [Arm documentation](https://developer.arm.com/documentation/109576/latest/).
467+
428468
.. _arm_cortex_m_mpu_considerations:
429469

430470
Memory map and MPU considerations
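
Review bot: The two links at the end of the new section use Markdown syntax ("Refer [this](...)" and "[Arm documentation](...)"), which will not render as links in this .rst file. Use reStructuredText external links of the form `link text <URL>`_ and replace "this" with descriptive link text. Smaller points in the same hunk: "The config options ensures" should be "ensure"; "(ROP) style attack" should be plural to match the BTI bullet; "specifically:" introduces a one-item list that names only GCC, so either state that GCC is the only toolchain covered or fold the flag into the sentence; and the seven Kconfig options are listed without saying what each one selects or which value of -mbranch-protection= it maps to, which a reader choosing between them needs to know.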
