ARMv8.3-A overview
The enhancements introduced with ARMv8.3 fall into the following categories:
Note: AArch64 indicates the 64-bit Execution state and AArch32 the 32-bit Execution state in the ARM architecture.
Pointer authentication
Computer attacks are becoming more sophisticated. Examples of this are exploit mechanisms such as the use of gadgets in Return-Orientated-Programming (ROP) and Jump-Orientated-Programming (JOP). To mitigate against such exploits, ARMv8.3-A introduces a feature that authenticates the contents of a register before it is used as the address for an indirect branch or data reference. For address authentication, the functionality uses the upper bits in a 64-bit address value normally associated with signed extension of the address space. This allows the introduction of a Pointer Authentication Code (PAC) as a new field within the upper bits of the value.
The functionality is summarized as follows:
- Instructions are added for:
- PAC value creation that write the value to the uppermost bits in a destination register alongside an address pointer value
- Authentication that validate a PAC and update the destination register with a correct or corrupt address pointer. If the authentication fails, an indirect branch or load that uses the authenticated, and corrupt, address will cause an exception.
- Removing a PAC value from the specified register
- An implementation can create a PAC using a standard and/or proprietary algorithm
- The standardized form uses a recently published block cipher known as QARMA. Click here for information on QARMA