This looks like a reasonable step for now to me; we can refine or adjust affected CPU detection later on.

My understanding is pointer authentication works on the Cortex-A78C with the workaround in erratum 2478780, the issue is the firmware traps access to the needed registers.

I don't think there is a way for the firmware to tell us that pointer authentication is disabled so it might be better to check which device we are on from the various smbios environment variables & disable based on that.

In D39748#904637, @andrew wrote:

My understanding is pointer authentication works on the Cortex-A78C with the workaround in erratum 2478780, the issue is the firmware traps access to the needed registers.

I don't think there is a way for the firmware to tell us that pointer authentication is disabled so it might be better to check which device we are on from the various smbios environment variables & disable based on that.

But there's also no way for us to know whether firmware has applied the workaround, so don't we have to always apply the workaround to be safe?

The issue we are seeing isn't due to the erratum, but because the firmware is setting at least one of the SCR_EL3.APK or HCR_EL2.APK fields so is trapping accesses to the special registers. As this is a firmware issue it's possible other firmware on different CPUs could be affected that this check would miss.

As Linux doesn't have a workaround for the issue they expect the firmware will have implemented the workaround, although we may be able to detect if it's missing by reading back sctlr_el1 and checking if it is corrupt.

LGTM for now. If a fixed firmware shows up we can check the version.