@@ -57,6 +57,9 @@ Arm Cortex-M implementation variants.
5757+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
5858| | Privileged Execute Never [#f3 ]_ | N | N | N | N | N | N | N | Y | Y |
5959+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
60+ | HW-assisted Control | | | | | | | | | | |
61+ | Flow integrity | PACBTI | N | N | N | N | N | N | N | N | Y |
62+ +---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
6063| HW-assisted null-pointer | | | | | | | | | | |
6164| dereference detection | | N | N | Y | Y | Y | Y | Y | Y | Y |
6265+---------------------------------+-----------------------------------+-----------------+---------+--------+-----------+--------+---------+------------+------------+------------+
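Review bot: The label in the new feature-table row, "HW-assisted Control Flow integrity", mixes capitalization, while the neighbouring row uses sentence case ("HW-assisted null-pointer dereference detection"). Suggest "HW-assisted control-flow integrity", which also matches the hyphenated "control-flow integrity" used in the new PACBTI section. Separately, the new section describes PACBTI as an optional extension, so a bare Y in the last column can read as guaranteed support. Consider a footnote on the PACBTI cell, in the same way the Privileged Execute Never row carries [#f3]_, saying that availability depends on the implementation including the extension.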
@@ -425,6 +428,42 @@ MPU stack guards
425428 detection mechanism; users may override this setting by manually enabling :kconfig:option: `CONFIG_MPU_STACK_GUARD `
426429 in these scenarios.
427430
431+ Pointer Authentication and Branch Target Identification (PACBTI)
432+ ================================================================
433+
434+ The Armv8.1-M Pointer Authentication and Branch Target Identification (PACBTI) extension is an
435+ optional extension for the Armv8.1-M architecture profile and consists of the implementation of the
436+ following control-flow integrity approaches:
437+ * Return address signing and authentication (PAC-RET) as a mitigation for Return Oriented Programming (ROP) style attack.
438+ * BTI instruction placement (BTI) as a mitigation for Jump Oriented Programming (JOP) style attacks.
439+
440+ When hardware support is present (e.g., Cortex-M85) and compiler support is available, PACBTI can be
441+ enabled at build time in Zephyr by selecting one of the below configs:
442+
443+ - :kconfig:option: `CONFIG_ARMV8_1_M_PACBTI_STANDARD `
444+ - :kconfig:option: `CONFIG_ARMV8_1_M_PACBTI_PACRET `
445+ - :kconfig:option: `CONFIG_ARMV8_1_M_PACBTI_PACRET_LEAF `
446+ - :kconfig:option: `CONFIG_ARMV8_1_M_PACBTI_BTI `
447+ - :kconfig:option: `CONFIG_ARMV8_1_M_PACBTI_PACRET_BTI `
448+ - :kconfig:option: `CONFIG_ARMV8_1_M_PACBTI_PACRET_LEAF_BTI `
449+ - :kconfig:option: `CONFIG_ARMV8_1_M_PACBTI_NONE `
450+
451+ The config options ensures that compiler flags enabling PACBTI instructions are added to the build,
452+ specifically:
453+
454+ - ``-mbranch-protection= `` for GCC toolchains.
455+
456+ **Limitations: **
457+
458+ - Only builds targeting Armv8.1-M Mainline processors with PACBTI hardware support (e.g.,
459+ Cortex-M85) are able to fully use this feature.
460+ - Zephyr’s integrated SDK currently includes GCC 12.2 which does not support PACBTI so external GCC
461+ toolchains (14.2 or later) must be used for PACBTI support.
462+ Refer [this](https://docs.zephyrproject.org/latest/develop/toolchains/index.html) on how to set up
463+ toolchains.
464+
465+ For more information about PACBTI, refer to the official [Arm documentation](https://developer.arm.com/documentation/109576/latest/).
466+
428467.. _arm_cortex_m_mpu_considerations :
429468
430469Memory map and MPU considerations
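Review bot: The two links near the end of the new PACBTI section, "Refer [this](https://docs.zephyrproject.org/...)" and "[Arm documentation](https://developer.arm.com/...)", use Markdown syntax, which will render as literal text in this reStructuredText file (the surrounding lines use :kconfig:option: roles and a ".. _arm_cortex_m_mpu_considerations" label). Please switch to RST hyperlinks of the form `Arm documentation <url>`_, or to a :ref: for the in-tree toolchains page so it does not point at "latest" from an older docs build. The PAC-RET/BTI bullets also start directly after "following control-flow integrity approaches:" with no blank line, so RST will fold them into the paragraph instead of rendering a list; add a blank line and use "-" as the other lists in this section do. On content: CONFIG_ARMV8_1_M_PACBTI_NONE is listed under options that enable PACBTI, which needs a word of explanation or a separate sentence; "specifically:" introduces only a bare ``-mbranch-protection=`` with no indication of which value each Kconfig option selects; and "The config options ensures" should be "ensure", with "style attack" made plural to match the BTI bullet.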