author: Jerome Forissier <jerome.forissier@linaro.org> 2018-12-20 13:54:23 +0100
committer: Jérôme Forissier <jerome.forissier@linaro.org> 2019-03-20 09:13:10 +0100
commit: 7dfff1313980949048b53ac81a09781c26cb3a4d (patch)
tree: 25bb66fced9fc3aa111d85af23a65de8fd42bfba /mk/config.mk
parent: 0a8fec75369e11f5305e115645584d085c4efe40 (diff)
core: user_ta: implement ASLR for TAs
Introduces CFG_TA_ASLR to enable Address Space Layout Randomization of Trusted Applications. ASLR makes the exploitation of memory corruption vulnerabilities harder. The feature is disabled by default except for the configurations I could test (QEMU and HiKey960).

When CFG_TA_ASLR=y, the stack and subsequent ELF file(s) needed by the TA are mapped into the user VA space with a random offset comprised between CFG_TA_ASLR_MIN_OFFSET_PAGES and CFG_TA_ASLR_MAX_OFFSET_PAGES pages (that is between 0 and 128 pages by default).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, HiKey960)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
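The commit message describes the loader drawing an offset between the configured minimum and maximum page counts and shifting the TA's mappings by that many pages. The following is an added illustration of that computation, written for this page and not OP-TEE's own loader code. It goes a little beyond the message in two respects: it draws the page count with rejection sampling so that no offset in the window is favoured (a plain modulo would bias towards the low offsets whenever the window size does not divide 2^32, silently losing part of the entropy the range is meant to provide), and it adds a check a loader could run after placement to confirm the resulting base is page aligned and inside the configured window. The 4 KiB page size, the `ASLR_*` names, the link address and the scripted random source are all constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not OP-TEE code. PAGE_SIZE and the 0..128 page
 * window mirror the defaults quoted in the commit message; the names are
 * assumptions made for this illustration. */
#define PAGE_SIZE 4096u
#define ASLR_MIN_OFFSET_PAGES 0u
#define ASLR_MAX_OFFSET_PAGES 128u

typedef uint32_t (*rng_fn)(void);

/* Draw a page count in [min_pages, max_pages] (inclusive) from rng.
 * Rejection sampling keeps every candidate equally likely: values at or
 * above the largest multiple of the window size are discarded and redrawn
 * instead of being folded back with "%" onto the low offsets. */
uint32_t pick_offset_pages(rng_fn rng, uint32_t min_pages, uint32_t max_pages)
{
    uint32_t span, limit, r;

    if (max_pages < min_pages)
        return min_pages;                  /* inverted range: apply no shift */
    span = max_pages - min_pages + 1u;     /* number of candidate offsets */
    if (span == 0u)
        return min_pages + rng();          /* window covers all 2^32 values */
    limit = UINT32_MAX - (UINT32_MAX % span);   /* a multiple of span */
    do {
        r = rng();
    } while (r >= limit);                  /* discard the biased tail */
    return min_pages + (r % span);
}

/* Byte offset to add to the link address for the chosen page count. */
uintptr_t aslr_offset_bytes(uint32_t pages)
{
    return (uintptr_t)pages * PAGE_SIZE;
}

/* Post-placement check: the base must stay page aligned and inside
 * [link_base + min*PAGE_SIZE, link_base + max*PAGE_SIZE]. A loader can
 * assert this so a misconfigured range is caught at load time. */
bool base_in_window(uintptr_t link_base, uintptr_t base,
                    uint32_t min_pages, uint32_t max_pages)
{
    uintptr_t lo = link_base + (uintptr_t)min_pages * PAGE_SIZE;
    uintptr_t hi = link_base + (uintptr_t)max_pages * PAGE_SIZE;

    return (base % PAGE_SIZE) == 0u && base >= lo && base <= hi;
}

/* Scripted random source (constructed): replays a fixed list of values so
 * the sampling logic can be exercised deterministically. Returns 0 once
 * the list is exhausted. */
static const uint32_t *script_vals;
static size_t script_len, script_pos;

uint32_t script_rng(void)
{
    if (script_pos < script_len)
        return script_vals[script_pos++];
    return 0u;
}

/* Reset the script and draw one page count from it. */
uint32_t pick_with_script(const uint32_t *vals, size_t len,
                          uint32_t min_pages, uint32_t max_pages)
{
    script_vals = vals;
    script_len = len;
    script_pos = 0;
    return pick_offset_pages(script_rng, min_pages, max_pages);
}

/* Constructed draw sequences used below. */
const uint32_t script_reject_then_five[] = { UINT32_MAX, 5u };  /* 1st redrawn */
const uint32_t script_zero[] = { 0u };
const uint32_t script_130[] = { 130u };                          /* 130 % 129 = 1 */

int main(void)
{
    uintptr_t link_base = 0x40000000u;     /* constructed link address */
    uint32_t pages = pick_with_script(script_reject_then_five, 2,
                                      ASLR_MIN_OFFSET_PAGES, ASLR_MAX_OFFSET_PAGES);
    uintptr_t base = link_base + aslr_offset_bytes(pages);

    printf("offset %u pages, base 0x%lx, in window: %d\n", pages,
           (unsigned long)base,
           base_in_window(link_base, base, ASLR_MIN_OFFSET_PAGES,
                          ASLR_MAX_OFFSET_PAGES));
    return 0;
}
```

With the defaults the window holds 129 distinct positions, so a draw contributes roughly 7 bits of uncertainty to the base; the window check is cheap and turns an inverted or mistyped range into an immediate load failure rather than a TA silently mapped outside the intended region.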
Diffstat (limited to 'mk/config.mk')
-rw-r--r-- mk/config.mk | 14
1 files changed, 14 insertions, 0 deletions
diff --git a/mk/config.mk b/mk/config.mk
index 96365456..fca8d6ea 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -205,6 +205,20 @@ CFG_WITH_USER_TA ?= y
# By default, in-tree TAs are built using the first architecture specified in
# $(ta-targets).
+# Address Space Layout Randomization for user-mode Trusted Applications
+#
+# When this flag is enabled, the ELF loader will introduce a random offset
+# when mapping the application in user space. ASLR makes the exploitation of
+# memory corruption vulnerabilities more difficult.
+CFG_TA_ASLR ?= n
+
+# How much ASLR may shift the base address (in pages). The base address is
+# randomly shifted by an integer number of pages comprised between these two
+# values. Bigger ranges are more secure because they make the addresses harder
+# to guess at the expense of using more memory for the page tables.
+CFG_TA_ASLR_MIN_OFFSET_PAGES ?= 0
+CFG_TA_ASLR_MAX_OFFSET_PAGES ?= 128
+
# Load user TAs from the REE filesystem via tee-supplicant
CFG_REE_FS_TA ?= y
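Review bot: the comment above CFG_TA_ASLR_MIN_OFFSET_PAGES / CFG_TA_ASLR_MAX_OFFSET_PAGES does not say that the minimum must not exceed the maximum, and nothing in this hunk enforces it, so an inverted pair would be accepted at the makefile level; suggest a build-time check that fails when CFG_TA_ASLR_MIN_OFFSET_PAGES is greater than CFG_TA_ASLR_MAX_OFFSET_PAGES. It would also help to quantify "Bigger ranges are more secure" for the defaults given here: 0..128 inclusive is 129 possible positions, about 7 bits, so readers sizing the range can weigh that against the page-table cost the comment mentions.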