xref: /optee_os/core/arch/arm/kernel/entry_a64.S (revision 81d5a9d51511f52b8389c80b488f234b5d4d74aa) 
1/* SPDX-License-Identifier: BSD-2-Clause */
2/*
3 * Copyright (c) 2015-2022, Linaro Limited
4 * Copyright (c) 2021-2023, Arm Limited
5 */
6
7#include <platform_config.h>
8
9#include <arm64_macros.S>
10#include <arm.h>
11#include <asm.S>
12#include <generated/asm-defines.h>
13#include <keep.h>
14#include <kernel/thread_private.h>
15#include <mm/core_mmu.h>
16#include <sm/optee_smc.h>
17#include <sm/teesmc_opteed.h>
18#include <sm/teesmc_opteed_macros.h>
19
20	/*
21	 * Setup SP_EL0 and SPEL1, SP will be set to SP_EL0.
22	 * SP_EL0 is assigned:
23	 *   stack_tmp + (cpu_id + 1) * stack_tmp_stride - STACK_TMP_GUARD
24	 * SP_EL1 is assigned thread_core_local[cpu_id]
25	 */
26	.macro set_sp
27		bl	__get_core_pos
28		cmp	x0, #CFG_TEE_CORE_NB_CORE
29		/* Unsupported CPU, park it before it breaks something */
30		bge	unhandled_cpu
31		add	x0, x0, #1
32		adr_l	x1, stack_tmp_stride
33		ldr	w1, [x1]
34		mul	x1, x0, x1
35
36		/* x0 = stack_tmp - STACK_TMP_GUARD */
37		adr_l	x2, stack_tmp_rel
38		ldr	w0, [x2]
39		add	x0, x0, x2
40
41		msr	spsel, #0
42		add	sp, x1, x0
43		bl	thread_get_core_local
44		msr	spsel, #1
45		mov	sp, x0
46		msr	spsel, #0
47	.endm
48
49	.macro read_feat_mte reg
50		mrs	\reg, id_aa64pfr1_el1
51		ubfx	\reg, \reg, #ID_AA64PFR1_EL1_MTE_SHIFT, #4
52	.endm
53
54	.macro read_feat_pan reg
55		mrs	\reg, id_mmfr3_el1
56		ubfx	\reg, \reg, #ID_MMFR3_EL1_PAN_SHIFT, #4
57	.endm
58
59	.macro set_sctlr_el1
60		mrs	x0, sctlr_el1
61		orr	x0, x0, #SCTLR_I
62		orr	x0, x0, #SCTLR_SA
63		orr	x0, x0, #SCTLR_SPAN
64#if defined(CFG_CORE_RWDATA_NOEXEC)
65		orr	x0, x0, #SCTLR_WXN
66#endif
67#if defined(CFG_SCTLR_ALIGNMENT_CHECK)
68		orr	x0, x0, #SCTLR_A
69#else
70		bic	x0, x0, #SCTLR_A
71#endif
72#ifdef CFG_MEMTAG
73		read_feat_mte x1
74		cmp	w1, #1
75		b.ls	111f
76		orr	x0, x0, #(SCTLR_ATA | SCTLR_ATA0)
77		bic	x0, x0, #SCTLR_TCF_MASK
78		bic	x0, x0, #SCTLR_TCF0_MASK
79111:
80#endif
81#if defined(CFG_TA_PAUTH) && defined(CFG_TA_BTI)
82		orr	x0, x0, #SCTLR_BT0
83#endif
84#if defined(CFG_CORE_PAUTH) && defined(CFG_CORE_BTI)
85		orr	x0, x0, #SCTLR_BT1
86#endif
87		msr	sctlr_el1, x0
88	.endm
89
90	.macro init_memtag_per_cpu
91		read_feat_mte x0
92		cmp	w0, #1
93		b.ls	11f
94
95#ifdef CFG_TEE_CORE_DEBUG
96		/*
97		 * This together with GCR_EL1.RRND = 0 will make the tags
98		 * acquired with the irg instruction deterministic.
99		 */
100		mov_imm	x0, 0xcafe00
101		msr	rgsr_el1, x0
102		/* Avoid tag = 0x0 and 0xf */
103		mov	x0, #0
104#else
105		/*
106		 * Still avoid tag = 0x0 and 0xf as we use that tag for
107		 * everything which isn't explicitly tagged. Setting
108		 * GCR_EL1.RRND = 1 to allow an implementation specific
109		 * method of generating the tags.
110		 */
111		mov	x0, #GCR_EL1_RRND
112#endif
113		orr	x0, x0, #1
114		orr	x0, x0, #(1 << 15)
115		msr	gcr_el1, x0
116
117		/*
118		 * Enable the tag checks on the current CPU.
119		 *
120		 * Depends on boot_init_memtag() having cleared tags for
121		 * TEE core memory. Well, not really, addresses with the
122		 * tag value 0b0000 will use unchecked access due to
123		 * TCR_TCMA0.
124		 */
125		mrs	x0, tcr_el1
126		orr	x0, x0, #TCR_TBI0
127		orr	x0, x0, #TCR_TCMA0
128		msr	tcr_el1, x0
129
130		mrs	x0, sctlr_el1
131		orr	x0, x0, #SCTLR_TCF_SYNC
132		orr	x0, x0, #SCTLR_TCF0_SYNC
133		msr	sctlr_el1, x0
134
135		isb
13611:
137	.endm
138
139	.macro init_pauth_secondary_cpu
140		msr	spsel, #1
141		ldp	x0, x1, [sp, #THREAD_CORE_LOCAL_KEYS]
142		msr	spsel, #0
143		write_apiakeyhi x0
144		write_apiakeylo x1
145		mrs	x0, sctlr_el1
146		orr	x0, x0, #SCTLR_ENIA
147		msr	sctlr_el1, x0
148		isb
149	.endm
150
151	.macro init_pan
152		read_feat_pan x0
153		cmp	x0, #0
154		b.eq	1f
155		mrs	x0, sctlr_el1
156		bic	x0, x0, #SCTLR_SPAN
157		msr	sctlr_el1, x0
158		write_pan_enable
159	1:
160	.endm
161
162FUNC _start , :
163	/*
164	 * Temporary copy of boot argument registers, will be passed to
165	 * boot_save_args() further down.
166	 */
167	mov	x19, x0
168	mov	x20, x1
169	mov	x21, x2
170	mov	x22, x3
171
172	adr	x0, reset_vect_table
173	msr	vbar_el1, x0
174	isb
175
176#ifdef CFG_PAN
177	init_pan
178#endif
179
180	set_sctlr_el1
181	isb
182
183#ifdef CFG_WITH_PAGER
184	/*
185	 * Move init code into correct location and move hashes to a
186	 * temporary safe location until the heap is initialized.
187	 *
188	 * The binary is built as:
189	 * [Pager code, rodata and data] : In correct location
190	 * [Init code and rodata] : Should be copied to __init_start
191	 * [struct boot_embdata + data] : Should be saved before
192	 * initializing pager, first uint32_t tells the length of the data
193	 */
194	adr	x0, __init_start	/* dst */
195	adr	x1, __data_end		/* src */
196	adr	x2, __init_end
197	sub	x2, x2, x0		/* init len */
198	ldr	w4, [x1, x2]		/* length of hashes etc */
199	add	x2, x2, x4		/* length of init and hashes etc */
200	/* Copy backwards (as memmove) in case we're overlapping */
201	add	x0, x0, x2		/* __init_start + len */
202	add	x1, x1, x2		/* __data_end + len */
203	adr	x3, cached_mem_end
204	str	x0, [x3]
205	adr	x2, __init_start
206copy_init:
207	ldp	x3, x4, [x1, #-16]!
208	stp	x3, x4, [x0, #-16]!
209	cmp	x0, x2
210	b.gt	copy_init
211#else
212	/*
213	 * The binary is built as:
214	 * [Core, rodata and data] : In correct location
215	 * [struct boot_embdata + data] : Should be moved to __end, first
216	 * uint32_t tells the length of the struct + data
217	 */
218	adr_l	x0, __end		/* dst */
219	adr_l	x1, __data_end		/* src */
220	ldr	w2, [x1]		/* struct boot_embdata::total_len */
221	/* Copy backwards (as memmove) in case we're overlapping */
222	add	x0, x0, x2
223	add	x1, x1, x2
224	adr	x3, cached_mem_end
225	str	x0, [x3]
226	adr_l	x2, __end
227
228copy_init:
229	ldp	x3, x4, [x1, #-16]!
230	stp	x3, x4, [x0, #-16]!
231	cmp	x0, x2
232	b.gt	copy_init
233#endif
234
235	/*
236	 * Clear .bss, this code obviously depends on the linker keeping
237	 * start/end of .bss at least 8 byte aligned.
238	 */
239	adr_l	x0, __bss_start
240	adr_l	x1, __bss_end
241clear_bss:
242	str	xzr, [x0], #8
243	cmp	x0, x1
244	b.lt	clear_bss
245
246#ifdef CFG_NS_VIRTUALIZATION
247	/*
248	 * Clear .nex_bss, this code obviously depends on the linker keeping
249	 * start/end of .bss at least 8 byte aligned.
250	 */
251	adr_l	x0, __nex_bss_start
252	adr_l	x1, __nex_bss_end
253clear_nex_bss:
254	str	xzr, [x0], #8
255	cmp	x0, x1
256	b.lt	clear_nex_bss
257#endif
258
259
260#if defined(CFG_CORE_PHYS_RELOCATABLE)
261	/*
262	 * Save the base physical address, it will not change after this
263	 * point.
264	 */
265	adr_l	x2, core_mmu_tee_load_pa
266	adr	x1, _start		/* Load address */
267	str	x1, [x2]
268
269	mov_imm	x0, TEE_LOAD_ADDR	/* Compiled load address */
270	sub	x0, x1, x0		/* Relocatation offset */
271
272	cbz	x0, 1f
273	bl	relocate
2741:
275#endif
276
277	/* Setup SP_EL0 and SP_EL1, SP will be set to SP_EL0 */
278	set_sp
279
280	bl	thread_init_thread_core_local
281
282	/* Enable aborts now that we can receive exceptions */
283	msr	daifclr, #DAIFBIT_ABT
284
285	/*
286	 * Invalidate dcache for all memory used during initialization to
287	 * avoid nasty surprices when the cache is turned on. We must not
288	 * invalidate memory not used by OP-TEE since we may invalidate
289	 * entries used by for instance ARM Trusted Firmware.
290	 */
291	adr_l	x0, __text_start
292	ldr	x1, cached_mem_end
293	sub	x1, x1, x0
294	bl	dcache_cleaninv_range
295
296	/* Enable Console */
297	bl	console_init
298
299	mov	x0, x19
300	mov	x1, x20
301	mov	x2, x21
302	mov	x3, x22
303	mov	x4, xzr
304	bl	boot_save_args
305
306#ifdef CFG_MEMTAG
307	/*
308	 * If FEAT_MTE2 is available, initializes the memtag callbacks.
309	 * Tags for OP-TEE core memory are then cleared to make it safe to
310	 * enable MEMTAG below.
311	 */
312	bl	boot_init_memtag
313#endif
314
315#ifdef CFG_CORE_ASLR
316	bl	get_aslr_seed
317#else
318	mov	x0, #0
319#endif
320
321	adr	x1, boot_mmu_config
322	bl	core_init_mmu_map
323
324#ifdef CFG_CORE_ASLR
325	/*
326	 * Process relocation information again updating for the virtual
327	 * map offset. We're doing this now before MMU is enabled as some
328	 * of the memory will become write protected.
329	 */
330	ldr	x0, boot_mmu_config + CORE_MMU_CONFIG_MAP_OFFSET
331	cbz	x0, 1f
332	/*
333	 * Update cached_mem_end address with load offset since it was
334	 * calculated before relocation.
335	 */
336	adr	x5, cached_mem_end
337	ldr	x6, [x5]
338	add	x6, x6, x0
339	str	x6, [x5]
340	adr	x1, _start		/* Load address */
341	bl	relocate
3421:
343#endif
344
345	bl	__get_core_pos
346	bl	enable_mmu
347#ifdef CFG_CORE_ASLR
348	/*
349	 * Reinitialize console, since register_serial_console() has
350	 * previously registered a PA and with ASLR the VA is different
351	 * from the PA.
352	 */
353	bl	console_init
354#endif
355
356#ifdef CFG_MEMTAG
357	bl	boot_clear_memtag
358#endif
359
360#ifdef CFG_NS_VIRTUALIZATION
361	/*
362	 * Initialize partition tables for each partition to
363	 * default_partition which has been relocated now to a different VA
364	 */
365	bl	core_mmu_set_default_prtn_tbl
366#endif
367
368	bl	boot_init_primary_early
369
370#ifdef CFG_MEMTAG
371	init_memtag_per_cpu
372#endif
373
374#ifndef CFG_NS_VIRTUALIZATION
375	mov	x23, sp
376	adr_l	x0, threads
377	ldr	x0, [x0, #THREAD_CTX_STACK_VA_END]
378	mov	sp, x0
379	bl	thread_get_core_local
380	mov	x24, x0
381	str	wzr, [x24, #THREAD_CORE_LOCAL_FLAGS]
382#endif
383	bl	boot_init_primary_late
384#ifdef CFG_CORE_PAUTH
385	adr_l	x0, threads
386	ldp	x1, x2, [x0, #THREAD_CTX_KEYS]
387	write_apiakeyhi x1
388	write_apiakeylo x2
389	mrs	x0, sctlr_el1
390	orr	x0, x0, #SCTLR_ENIA
391	msr	sctlr_el1, x0
392	isb
393#endif
394	bl	boot_init_primary_final
395
396#ifndef CFG_NS_VIRTUALIZATION
397	mov	x0, #THREAD_CLF_TMP
398	str     w0, [x24, #THREAD_CORE_LOCAL_FLAGS]
399	mov	sp, x23
400#ifdef CFG_CORE_PAUTH
401	ldp	x0, x1, [x24, #THREAD_CORE_LOCAL_KEYS]
402	write_apiakeyhi x0
403	write_apiakeylo x1
404	isb
405#endif
406#endif
407
408#ifdef _CFG_CORE_STACK_PROTECTOR
409	/* Update stack canary value */
410	sub	sp, sp, #0x10
411	mov	x0, sp
412	mov	x1, #1
413	mov	x2, #0x8
414	bl	plat_get_random_stack_canaries
415	ldr	x0, [sp]
416	adr_l	x5, __stack_chk_guard
417	str	x0, [x5]
418	add	sp, sp, #0x10
419#endif
420
421	/*
422	 * In case we've touched memory that secondary CPUs will use before
423	 * they have turned on their D-cache, clean and invalidate the
424	 * D-cache before exiting to normal world.
425	 */
426	adr_l	x0, __text_start
427	ldr	x1, cached_mem_end
428	sub	x1, x1, x0
429	bl	dcache_cleaninv_range
430
431
432	/*
433	 * Clear current thread id now to allow the thread to be reused on
434	 * next entry. Matches the thread_init_boot_thread in
435	 * boot.c.
436	 */
437#ifndef CFG_NS_VIRTUALIZATION
438	bl 	thread_clr_boot_thread
439#endif
440
441#ifdef CFG_CORE_FFA
442	adr	x0, cpu_on_handler
443	/*
444	 * Compensate for the virtual map offset since cpu_on_handler() is
445	 * called with MMU off.
446	 */
447	ldr	x1, boot_mmu_config + CORE_MMU_CONFIG_MAP_OFFSET
448	sub	x0, x0, x1
449	bl	thread_spmc_register_secondary_ep
450	b	thread_ffa_msg_wait
451#else
452	/*
453	 * Pass the vector address returned from main_init Compensate for
454	 * the virtual map offset since cpu_on_handler() is called with MMU
455	 * off.
456	 */
457	ldr	x0, boot_mmu_config + CORE_MMU_CONFIG_MAP_OFFSET
458	adr	x1, thread_vector_table
459	sub	x1, x1, x0
460	mov	x0, #TEESMC_OPTEED_RETURN_ENTRY_DONE
461	smc	#0
462	/* SMC should not return */
463	panic_at_smc_return
464#endif
465END_FUNC _start
466DECLARE_KEEP_INIT _start
467
468	.section .identity_map.data
469	.balign	8
470LOCAL_DATA cached_mem_end , :
471	.skip	8
472END_DATA cached_mem_end
473
474#if defined(CFG_CORE_ASLR) || defined(CFG_CORE_PHYS_RELOCATABLE)
475LOCAL_FUNC relocate , :
476	/*
477	 * x0 holds relocate offset
478	 * x1 holds load address
479	 */
480#ifdef CFG_WITH_PAGER
481	adr_l	x6, __init_end
482#else
483	adr_l	x6, __end
484#endif
485	ldp	w2, w3, [x6, #BOOT_EMBDATA_RELOC_OFFSET]
486
487	add	x2, x2, x6	/* start of relocations */
488	add	x3, x3, x2	/* end of relocations */
489
490	/*
491	 * Relocations are not formatted as Rela64, instead they are in a
492	 * compressed format created by get_reloc_bin() in
493	 * scripts/gen_tee_bin.py
494	 *
495	 * All the R_AARCH64_RELATIVE relocations are translated into a
496	 * list of 32-bit offsets from TEE_LOAD_ADDR. At each address a
497	 * 64-bit value pointed out which increased with the load offset.
498	 */
499
500#ifdef CFG_WITH_PAGER
501	/*
502	 * With pager enabled we can only relocate the pager and init
503	 * parts, the rest has to be done when a page is populated.
504	 */
505	sub	x6, x6, x1
506#endif
507
508	b	2f
509	/* Loop over the relocation addresses and process all entries */
5101:	ldr	w4, [x2], #4
511#ifdef CFG_WITH_PAGER
512	/* Skip too large addresses */
513	cmp	x4, x6
514	b.ge	2f
515#endif
516	add	x4, x4, x1
517	ldr	x5, [x4]
518	add	x5, x5, x0
519	str	x5, [x4]
520
5212:	cmp	x2, x3
522	b.ne	1b
523
524	ret
525END_FUNC relocate
526#endif
527
528/*
529 * void enable_mmu(unsigned long core_pos);
530 *
531 * This function depends on being mapped with in the identity map where
532 * physical address and virtual address is the same. After MMU has been
533 * enabled the instruction pointer will be updated to execute as the new
534 * offset instead. Stack pointers and the return address are updated.
535 */
536LOCAL_FUNC enable_mmu , : , .identity_map
537	adr	x1, boot_mmu_config
538	load_xregs x1, 0, 2, 6
539	/*
540	 * x0 = core_pos
541	 * x2 = tcr_el1
542	 * x3 = mair_el1
543	 * x4 = ttbr0_el1_base
544	 * x5 = ttbr0_core_offset
545	 * x6 = load_offset
546	 */
547	msr	tcr_el1, x2
548	msr	mair_el1, x3
549
550	/*
551	 * ttbr0_el1 = ttbr0_el1_base + ttbr0_core_offset * core_pos
552	 */
553	madd	x1, x5, x0, x4
554	msr	ttbr0_el1, x1
555	msr	ttbr1_el1, xzr
556	isb
557
558	/* Invalidate TLB */
559	tlbi	vmalle1
560
561	/*
562	 * Make sure translation table writes have drained into memory and
563	 * the TLB invalidation is complete.
564	 */
565	dsb	sy
566	isb
567
568	/* Enable the MMU */
569	mrs	x1, sctlr_el1
570	orr	x1, x1, #SCTLR_M
571	msr	sctlr_el1, x1
572	isb
573
574	/* Update vbar */
575	mrs	x1, vbar_el1
576	add	x1, x1, x6
577	msr	vbar_el1, x1
578	isb
579
580	/* Invalidate instruction cache and branch predictor */
581	ic	iallu
582	isb
583
584	/* Enable I and D cache */
585	mrs	x1, sctlr_el1
586	orr	x1, x1, #SCTLR_I
587	orr	x1, x1, #SCTLR_C
588	msr	sctlr_el1, x1
589	isb
590
591	/* Adjust stack pointers and return address */
592	msr	spsel, #1
593	add	sp, sp, x6
594	msr	spsel, #0
595	add	sp, sp, x6
596	add	x30, x30, x6
597
598	ret
599END_FUNC enable_mmu
600
601	.section .identity_map.data
602	.balign	8
603DATA boot_mmu_config , : /* struct core_mmu_config */
604	.skip	CORE_MMU_CONFIG_SIZE
605END_DATA boot_mmu_config
606
607FUNC cpu_on_handler , :
608	mov	x19, x0
609	mov	x20, x1
610	mov	x21, x30
611
612	adr	x0, reset_vect_table
613	msr	vbar_el1, x0
614	isb
615
616	set_sctlr_el1
617	isb
618
619#ifdef CFG_PAN
620	init_pan
621#endif
622
623	/* Enable aborts now that we can receive exceptions */
624	msr	daifclr, #DAIFBIT_ABT
625
626	bl	__get_core_pos
627	bl	enable_mmu
628
629	/* Setup SP_EL0 and SP_EL1, SP will be set to SP_EL0 */
630	set_sp
631
632#ifdef CFG_MEMTAG
633	init_memtag_per_cpu
634#endif
635#ifdef CFG_CORE_PAUTH
636	init_pauth_secondary_cpu
637#endif
638
639	mov	x0, x19
640	mov	x1, x20
641#ifdef CFG_CORE_FFA
642	bl	boot_cpu_on_handler
643	b	thread_ffa_msg_wait
644#else
645	mov	x30, x21
646	b	boot_cpu_on_handler
647#endif
648END_FUNC cpu_on_handler
649DECLARE_KEEP_PAGER cpu_on_handler
650
651LOCAL_FUNC unhandled_cpu , :
652	wfi
653	b	unhandled_cpu
654END_FUNC unhandled_cpu
655
656LOCAL_DATA stack_tmp_rel , :
657	.word	stack_tmp - stack_tmp_rel - STACK_TMP_GUARD
658END_DATA stack_tmp_rel
659
660	/*
661	 * This macro verifies that the a given vector doesn't exceed the
662	 * architectural limit of 32 instructions. This is meant to be placed
663	 * immedately after the last instruction in the vector. It takes the
664	 * vector entry as the parameter
665	 */
666	.macro check_vector_size since
667	  .if (. - \since) > (32 * 4)
668	    .error "Vector exceeds 32 instructions"
669	  .endif
670	.endm
671
672	.section .identity_map, "ax", %progbits
673	.align	11
674LOCAL_FUNC reset_vect_table , :, .identity_map, , nobti
675	/* -----------------------------------------------------
676	 * Current EL with SP0 : 0x0 - 0x180
677	 * -----------------------------------------------------
678	 */
679SynchronousExceptionSP0:
680	b	SynchronousExceptionSP0
681	check_vector_size SynchronousExceptionSP0
682
683	.align	7
684IrqSP0:
685	b	IrqSP0
686	check_vector_size IrqSP0
687
688	.align	7
689FiqSP0:
690	b	FiqSP0
691	check_vector_size FiqSP0
692
693	.align	7
694SErrorSP0:
695	b	SErrorSP0
696	check_vector_size SErrorSP0
697
698	/* -----------------------------------------------------
699	 * Current EL with SPx: 0x200 - 0x380
700	 * -----------------------------------------------------
701	 */
702	.align	7
703SynchronousExceptionSPx:
704	b	SynchronousExceptionSPx
705	check_vector_size SynchronousExceptionSPx
706
707	.align	7
708IrqSPx:
709	b	IrqSPx
710	check_vector_size IrqSPx
711
712	.align	7
713FiqSPx:
714	b	FiqSPx
715	check_vector_size FiqSPx
716
717	.align	7
718SErrorSPx:
719	b	SErrorSPx
720	check_vector_size SErrorSPx
721
722	/* -----------------------------------------------------
723	 * Lower EL using AArch64 : 0x400 - 0x580
724	 * -----------------------------------------------------
725	 */
726	.align	7
727SynchronousExceptionA64:
728	b	SynchronousExceptionA64
729	check_vector_size SynchronousExceptionA64
730
731	.align	7
732IrqA64:
733	b	IrqA64
734	check_vector_size IrqA64
735
736	.align	7
737FiqA64:
738	b	FiqA64
739	check_vector_size FiqA64
740
741	.align	7
742SErrorA64:
743	b   	SErrorA64
744	check_vector_size SErrorA64
745
746	/* -----------------------------------------------------
747	 * Lower EL using AArch32 : 0x0 - 0x180
748	 * -----------------------------------------------------
749	 */
750	.align	7
751SynchronousExceptionA32:
752	b	SynchronousExceptionA32
753	check_vector_size SynchronousExceptionA32
754
755	.align	7
756IrqA32:
757	b	IrqA32
758	check_vector_size IrqA32
759
760	.align	7
761FiqA32:
762	b	FiqA32
763	check_vector_size FiqA32
764
765	.align	7
766SErrorA32:
767	b	SErrorA32
768	check_vector_size SErrorA32
769
770END_FUNC reset_vect_table
771
772BTI(emit_aarch64_feature_1_and     GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
773