From 671ee0ba995ea3c1709ef2d8bf1e95b4345fc63e Mon Sep 17 00:00:00 2001
From: Peter Smith <peter.smith@arm.com>
Date: Tue, 5 Nov 2024 16:53:21 +0000
Subject: [PATCH 1/2] Add Auth variants of TLSDESC generating GOT relocations

Add static Auth equivalents of the existing relocations:
* R_AARCH64_TLSDESC_ADR_PAGE21
* R_AARCH64_TLSDESC_LD64_LO12
* R_AARCH64_TLSDESC_ADD_LO12

These are sufficient to implement the small code-model for TLSDESC
using the PAuthABI. Support for the tiny and large code-model is
not implemented for the PAuthABI, or for the normal ABI in both
clang and GCC so we defer from specifiying Auth variants of all
possible relocations.

I've followed the convention that non-zero addends are not
permitted for GOT generating relocations. As each unique S+A
combination needs its own pair of GOT slots indexed by S+A and
no static linker supports that.

Fixes https://github.com/ARM-software/abi-aa/issues/293
---
 pauthabielf64/pauthabielf64.rst | 155 ++++++++++++++++++--------------
 1 file changed, 86 insertions(+), 69 deletions(-)

diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst
index d2650cd..f8fc6c7 100644
--- a/pauthabielf64/pauthabielf64.rst
+++ b/pauthabielf64/pauthabielf64.rst
@@ -243,6 +243,9 @@ changes to the content of the document for that release.
   |            |                             | - Add R_AARCH64_AUTH_GOT_ADR_PREL_LO21 relocation.               |
   |            |                             | - Remove addend in GDAT relocation operation.                    |
   +------------+-----------------------------+------------------------------------------------------------------+
+  | 2024Q1     | 5\ :sup:`th` November 2024  | - Add static Auth TLSDESC generating relocations                 |
+  |            |                             | - Correct comment entry for R_AARCH64_AUTH_LD64_GOTOFF_LO15      |
+  +------------+-----------------------------+------------------------------------------------------------------+
 
 References
 ----------
@@ -1103,80 +1106,94 @@ AUTH variant GOT Generating Relocations
 ``ENCD(value)`` is the encoding of the signing schema into the GOT
 slot using the ``IA`` key for symbols of type STT_FUNC and the ``DA``
 key for all other symbol types. The address of the GOT slot ``G`` is
-used as a modifer.
+used as a modifer. For ``ENCD(GTLSDESC(S)`` the encoding applies to
+the first entry containing the pointer to the variable's TLS
+descriptor resolver function.
 
 The GOT entries must be relocated by AUTH variant dynamic relocations.
 
 .. table:: PAuth GOT generating relocations
 
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | ELF 64 Code | Name                                   | Operation                        | Comment                  |
-  +=============+========================================+==================================+==========================+
-  | 0x8110      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0     | G(ENCD(GDAT(S))) - GOT           | Set a MOV[NZ] immediate  |
-  |             |                                        |                                  | field to bits [15:0] of  |
-  |             |                                        |                                  | X (see notes below)      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8111      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0\_NC | G(ENCD(GDAT(S))) - GOT           | Set a MOV[NZ] immediate  |
-  |             |                                        |                                  | field to bits [15:0] of  |
-  |             |                                        |                                  | X (see notes below)      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8112      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1     | G(ENCD(GDAT(S))) - GOT           | Set a MOV[NZ] immediate  |
-  |             |                                        |                                  | field to bits [31:16] of |
-  |             |                                        |                                  | X (see notes below)      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8113      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1\_NC | G(ENCD(GDAT(S))) - GOT           | Set a MOV[NZ] immediate  |
-  |             |                                        |                                  | field to bits [31:16] of |
-  |             |                                        |                                  | X (see notes below)      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8114      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2     | G(ENCD(GDAT(S))) - GOT           | Set a MOV[NZ] immediate  |
-  |             |                                        |                                  | field to bits [47:32] of |
-  |             |                                        |                                  | X (see notes below)      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8115      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2\_NC | G(ENCD(GDAT(S))) - GOT           | Set a MOV[NZ] immediate  |
-  |             |                                        |                                  | field to bits [47:32] of |
-  |             |                                        |                                  | X (see notes below)      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8116      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G3     | G(ENCD(GDAT(S))) - GOT           | Set a MOV[NZ] immediate  |
-  |             |                                        |                                  | field to bits [63:48] of |
-  |             |                                        |                                  | X (see notes below)      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8117      | R\_AARCH64\_AUTH\_GOT\_LD\_PREL19      | G(ENCD(GDAT(S))) - P             | Set a load-literal im-   |
-  |             |                                        |                                  | mediate field to bits    |
-  |             |                                        |                                  | [20:2] of X; check       |
-  |             |                                        |                                  | –2\ :sup:`20` <=         |
-  |             |                                        |                                  | X < 2 \ :sup:`20`        |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8118      | R\_AARCH64\_AUTH\_LD64\_GOTOFF\_LO15   | G(ENCD(GDAT(S))) - GOT           | Set the immediate        |
-  |             |                                        |                                  | value of an ADRP         |
-  |             |                                        |                                  | to bits [32:12] of X;    |
-  |             |                                        |                                  | check that –2\ :sup:`32` |
-  |             |                                        |                                  | <= X < 2\ :sup:`32`      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x8119      | R\_AARCH64\_AUTH\_ADR\_GOT\_PAGE       | G(ENCD(GDAT(S))) - Page(P)       | Set the immediate        |
-  |             |                                        |                                  | value of an ADRP         |
-  |             |                                        |                                  | to bits [32:12] of X;    |
-  |             |                                        |                                  | check that –2\ :sup:`32` |
-  |             |                                        |                                  | <= X < 2\ :sup:`32`      |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x811A      | R\_AARCH64\_AUTH\_LD64\_GOT\_LO12_NC   | G(ENCD(GDAT(S)))                 | Set the LD/ST immediate  |
-  |             |                                        |                                  | field to bits [11:3] of  |
-  |             |                                        |                                  | X. No overflow check;    |
-  |             |                                        |                                  | check that X&7 = 0       |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x811B      | R\_AARCH64\_AUTH\_LD64\_GOTPAGE\_LO15  | G(ENCD(GDAT(S))) - Page(GOT)     | Set the LD/ST immediate  |
-  |             |                                        |                                  | field to bits [14:3] of  |
-  |             |                                        |                                  | X; check that 0 <= X  <  |
-  |             |                                        |                                  | 2\ :sup:`15`             |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x811C      | R\AARCH64\_AUTH\_GOT\_ADD_LO12_NC      | G(ENCD(GDAT(S)))                 | Set an ADD immediate     |
-  |             |                                        |                                  | value to bits [11:0] of  |
-  |             |                                        |                                  | X. No overflow check.    |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
-  | 0x811D      | R\AARCH64\_AUTH\_GOT\_ADR\_PREL\_LO21  | G(ENCD(GDAT(S))) - P             | Set the immediate        |
-  |             |                                        |                                  | value to bits[20:0] of X;|
-  |             |                                        |                                  | check that -2 :sup:`20`  |
-  |             |                                        |                                  | <= 2 :sup: `20`          |
-  +-------------+----------------------------------------+----------------------------------+--------------------------+
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | ELF 64 Code | Name                                   | Operation                              | Comment                  |
+  +=============+========================================+========================================+==========================+
+  | 0x8110      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  |             |                                        |                                        | field to bits [15:0] of  |
+  |             |                                        |                                        | X (see notes below)      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8111      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  |             |                                        |                                        | field to bits [15:0] of  |
+  |             |                                        |                                        | X (see notes below)      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8112      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  |             |                                        |                                        | field to bits [31:16] of |
+  |             |                                        |                                        | X (see notes below)      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8113      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  |             |                                        |                                        | field to bits [31:16] of |
+  |             |                                        |                                        | X (see notes below)      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8114      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  |             |                                        |                                        | field to bits [47:32] of |
+  |             |                                        |                                        | X (see notes below)      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8115      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  |             |                                        |                                        | field to bits [47:32] of |
+  |             |                                        |                                        | X (see notes below)      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8116      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G3     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  |             |                                        |                                        | field to bits [63:48] of |
+  |             |                                        |                                        | X (see notes below)      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8117      | R\_AARCH64\_AUTH\_GOT\_LD\_PREL19      | G(ENCD(GDAT(S))) - P                   | Set a load-literal im-   |
+  |             |                                        |                                        | mediate field to bits    |
+  |             |                                        |                                        | [20:2] of X; check       |
+  |             |                                        |                                        | –2\ :sup:`20` <=         |
+  |             |                                        |                                        | X < 2 \ :sup:`20`        |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8118      | R\_AARCH64\_AUTH\_LD64\_GOTOFF\_LO15   | G(ENCD(GDAT(S))) - GOT                 | Set a LD/ST immediate    |
+  |             |                                        |                                        | field to bits [14:3] of  |
+  |             |                                        |                                        | X. check that 0 <= X <   |
+  |             |                                        |                                        | 2\ :sup:`15`, X&7 = 0    |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8119      | R\_AARCH64\_AUTH\_ADR\_GOT\_PAGE       | G(ENCD(GDAT(S))) - Page(P)             | Set the immediate        |
+  |             |                                        |                                        | value of an ADRP         |
+  |             |                                        |                                        | to bits [32:12] of X;    |
+  |             |                                        |                                        | check that –2\ :sup:`32` |
+  |             |                                        |                                        | <= X < 2\ :sup:`32`      |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x811A      | R\_AARCH64\_AUTH\_LD64\_GOT\_LO12_NC   | G(ENCD(GDAT(S)))                       | Set the LD/ST immediate  |
+  |             |                                        |                                        | field to bits [11:3] of  |
+  |             |                                        |                                        | X. No overflow check;    |
+  |             |                                        |                                        | check that X&7 = 0       |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x811B      | R\_AARCH64\_AUTH\_LD64\_GOTPAGE\_LO15  | G(ENCD(GDAT(S))) - Page(GOT)           | Set the LD/ST immediate  |
+  |             |                                        |                                        | field to bits [14:3] of  |
+  |             |                                        |                                        | X; check that 0 <= X  <  |
+  |             |                                        |                                        | 2\ :sup:`15`             |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x811C      | R\_AARCH64\_AUTH\_GOT\_ADD_LO12_NC     | G(ENCD(GDAT(S)))                       | Set an ADD immediate     |
+  |             |                                        |                                        | value to bits [11:0] of  |
+  |             |                                        |                                        | X. No overflow check.    |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x811D      | R\_AARCH64\_AUTH\_GOT\_ADR\_PREL\_LO21 | G(ENCD(GDAT(S))) - P                   | Set the immediate        |
+  |             |                                        |                                        | value to bits[20:0] of X;|
+  |             |                                        |                                        | check that -2 :sup:`20`  |
+  |             |                                        |                                        | <= 2 :sup: `20`          |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x811E      | R\_AARCH64\_AUTH\_TLSDESC\_ADR\_PAGE21 | Page(G(ENCD(GTLSDESC(S)))) - Page(P)   | Set an ADRP immediate    |
+  |             |                                        |                                        | field to bits [32:12] of |
+  |             |                                        |                                        | X; check –2\ :sup:`20`   |
+  |             |                                        |                                        | <= X < 2 \ :sup:`20`     |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x811F      | R\_AARCH64\_AUTH\_TLSDESC\_LD64\_LO12  | G(ENCD(GTLSDESC(S)))                   | Set an LD offset to bits |
+  |             |                                        |                                        | [11:3] of X. No overflow |
+  |             |                                        |                                        | check; check X&7 = 0.    |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
+  | 0x8120      | R\_AARCH64\_AUTH\_TLSDESC\_ADD\_LO12   | G(ENCD(GTLSDESC(S)))                   | Set an ADD immediate     |
+  |             |                                        |                                        | field to bits [11:0] of  |
+  |             |                                        |                                        | X. No overflow check.    |
+  +-------------+----------------------------------------+----------------------------------------+--------------------------+
 .. raw:: pdf
 
    PageBreak

From 6b15b45d45d73706869f5ea52b78723f77c1ac2c Mon Sep 17 00:00:00 2001
From: Peter Smith <peter.smith@arm.com>
Date: Fri, 29 Nov 2024 11:05:14 +0000
Subject: [PATCH 2/2] [pauthabi64][aaelf64] Move PAuth GOT relocs out of
 private space

In the initial draft relocations for signing GOT entries were
defined in the private space reserved for experiments. It was not
known if these relocations would be useful as if RELRO is supported
the GOT does not need to be signed. There is now at least one user
of the GOT signing relocations so we should move the relocations
out of the private space and into the space reserved for the
PAuthABI.

This PR includes relocations added in
https://github.com/ARM-software/abi-aa/pull/295

Fixes: https://github.com/ARM-software/abi-aa/issues/298
---
 aaelf64/aaelf64.rst             | 123 ++++++++++++++++++++++----------
 pauthabielf64/pauthabielf64.rst |  49 +++++++------
 2 files changed, 110 insertions(+), 62 deletions(-)

diff --git a/aaelf64/aaelf64.rst b/aaelf64/aaelf64.rst
index ff4364b..4877f7b 100644
--- a/aaelf64/aaelf64.rst
+++ b/aaelf64/aaelf64.rst
@@ -281,6 +281,9 @@ changes to the content of the document for that release.
   |               |                    | - Clarify use of addends in MOVZ, MOVK, |
   |               |                    |    and ADRP                             |
   +---------------+--------------------+-----------------------------------------+
+  | 2024Q4        | 29\ :sup:`th`      | - Moved PAuthABI GOT relocations out of |
+  |               | November 2024      |   reserved space.                       |
+  +---------------+--------------------+-----------------------------------------+
 
 References
 ----------
@@ -1696,15 +1699,51 @@ The PAuth ABI Extension defines a number of static and dynamic relocations.
 The information in this document is sufficient to reserve the relocation types.
 For details on the relocations and operations see `PAUTHABIELF64`_.
 
+The ``PAUTH`` and ``ENCD`` operators are defined in `PAUTHABIELF64`_.
+
 .. class:: aaelf64-pauth-descriptor-relocations
 
 .. table:: PAuthABI static relocations
 
-  +------------+------------+---------------------------------+----------------------------------+-----------------------------------------------------+
-  | ELF64 Code | ELF32 Code | Name                            | Operation                        | Comment                                             |
-  +============+============+=================================+==================================+=====================================================+
-  | 580        | \-         | R\_<CLS>\_AUTH\_ABS64           | PAUTH(S+A)                       | See `PAUTHABIELF64`_                                |
-  +------------+------------+---------------------------------+----------------------------------+-----------------------------------------------------+
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | ELF64 Code | ELF32 Code | Name                                   | Operation                            | Comment              |
+  +============+============+========================================+======================================+======================+
+  | 580        | \-         | R\_<CLS>\_AUTH\_ABS64                  | PAUTH(S+A)                           | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 581        | \-         | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0     | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 582        | \-         | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0\_NC | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 583        | \-         | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1     | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 584        | \-         | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1\_NC | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 585        | \-         | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2     | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 586        | \-         | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2\_NC | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 587        | \-         | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G3     | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 588        | \-         | R\_AARCH64\_AUTH\_GOT\_LD\_PREL19      | G(ENCD(GDAT(S))) - P                 | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 589        | \-         | R\_AARCH64\_AUTH\_LD64\_GOTOFF\_LO15   | G(ENCD(GDAT(S))) - GOT               | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 590        | \-         | R\_AARCH64\_AUTH\_ADR\_GOT\_PAGE       | G(ENCD(GDAT(S))) - Page(P)           | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 591        | \-         | R\_AARCH64\_AUTH\_LD64\_GOT\_LO12_NC   | G(ENCD(GDAT(S)))                     | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 592        | \-         | R\_AARCH64\_AUTH\_LD64\_GOTPAGE\_LO15  | G(ENCD(GDAT(S))) - Page(GOT)         | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 593        | \-         | R\_AARCH64\_AUTH\_GOT\_ADD_LO12_NC     | G(ENCD(GDAT(S)))                     | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 594        | \-         | R\_AARCH64\_AUTH\_GOT\_ADR\_PREL\_LO21 | G(ENCD(GDAT(S))) - P                 | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 595        | \-         | R\_AARCH64\_AUTH\_TLSDESC\_ADR\_PAGE21 | Page(G(ENCD(GTLSDESC(S)))) - Page(P) | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 596        | \-         | R\_AARCH64\_AUTH\_TLSDESC\_LD64\_LO12  | G(ENCD(GTLSDESC(S)))                 | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
+  | 597        | \-         | R\_AARCH64\_AUTH\_TLSDESC\_ADD\_LO12   | G(ENCD(GTLSDESC(S)))                 | See `PAUTHABIELF64`_ |
+  +------------+------------+----------------------------------------+--------------------------------------+----------------------+
 
 Dynamic relocations
 ^^^^^^^^^^^^^^^^^^^
@@ -1715,39 +1754,45 @@ The dynamic relocations for those execution environments that support only a lim
 
 .. table:: Dynamic relocations
 
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | ELF64 Code | ELF32 Code | Name                     | Operation                       | Comment                                   |
-  +============+============+==========================+=================================+===========================================+
-  | 257        | \-         | R\_<CLS>\_ABS64          | S + A                           | See note below.                           |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | \-         | 1          | R\_<CLS>\_ABS32          | S + A                           | See note below.                           |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 580        | \-         | R\_<CLS>\_AUTH\_ABS64    | SIGN(S + A, SCHEMA(\*P))        | See note below.                           |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1024       | 180        | R\_<CLS>\_COPY           |                                 | See note below.                           |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1025       | 181        | R\_<CLS>\_GLOB\_DAT      | S + A                           | See note below                            |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1026       | 182        | R\_<CLS>\_JUMP\_SLOT     | S + A                           | See note below                            |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1027       | 183        | R\_<CLS>\_RELATIVE       | Delta(S) + A                    | See note below                            |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1028       | 184        | R\_<CLS>\_TLS\_IMPDEF1   |                                 | See note below                            |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1029       | 185        | R\_<CLS>\_TLS\_IMPDEF2   |                                 | See note below                            |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  |            |            | R\_<CLS>\_TLS\_DTPREL    | DTPREL(S+A)                     | See note below                            |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  |            |            | R\_<CLS>\_TLS\_DTPMOD    | LDM(S)                          | See note below                            |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1030       | 186        | R\_<CLS>\_TLS\_TPREL     | TPREL(S+A)                      |                                           |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1031       | 187        | R\_<CLS>\_TLSDESC        | TLSDESC(S+A)                    | Identifies a TLS descriptor to be filled  |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1032       | 188        | R\_<CLS>\_IRELATIVE      | Indirect(Delta(S) + A)          | See note below.                           |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
-  | 1041       | \-         | R\_<CLS>\_AUTH\_RELATIVE | SIGN(DELTA(S) + A, SCHEMA(\*P)) | See note below.                           |
-  +------------+------------+--------------------------+---------------------------------+-------------------------------------------+
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | ELF64 Code | ELF32 Code | Name                        | Operation                          | Comment                                   |
+  +============+============+=============================+====================================+===========================================+
+  | 257        | \-         | R\_<CLS>\_ABS64             | S + A                              | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | \-         | 1          | R\_<CLS>\_ABS32             | S + A                              | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 580        | \-         | R\_<CLS>\_AUTH\_ABS64       | SIGN(S + A, SCHEMA(\*P))           | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1024       | 180        | R\_<CLS>\_COPY              |                                    | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1025       | 181        | R\_<CLS>\_GLOB\_DAT         | S + A                              | See note below                            |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1026       | 182        | R\_<CLS>\_JUMP\_SLOT        | S + A                              | See note below                            |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1027       | 183        | R\_<CLS>\_RELATIVE          | Delta(S) + A                       | See note below                            |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1028       | 184        | R\_<CLS>\_TLS\_IMPDEF1      |                                    | See note below                            |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1029       | 185        | R\_<CLS>\_TLS\_IMPDEF2      |                                    | See note below                            |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  |            |            | R\_<CLS>\_TLS\_DTPREL       | DTPREL(S+A)                        | See note below                            |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  |            |            | R\_<CLS>\_TLS\_DTPMOD       | LDM(S)                             | See note below                            |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1030       | 186        | R\_<CLS>\_TLS\_TPREL        | TPREL(S+A)                         |                                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1031       | 187        | R\_<CLS>\_TLSDESC           | TLSDESC(S+A)                       | Identifies a TLS descriptor to be filled  |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1032       | 188        | R\_<CLS>\_IRELATIVE         | Indirect(Delta(S) + A)             | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1041       | \-         | R\_<CLS>\_AUTH\_RELATIVE    | SIGN(DELTA(S) + A, SCHEMA(\*P))    | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1042       | \-         | R\_AARCH64\_AUTH\_GLOB\_DAT | SIGN((S + A), SCHEMA(\*P))         | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1043       | \-         | R\_AARCH64\_AUTH\_TLSDESC   | SIGN(TLSDESC(S + A), SCHEMA(\*P))  | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
+  | 1044       | \-         | R\_AARCH64\_AUTH\_IRELATIVE | SIGN(Indirect(S + A), SCHEMA(\*P)) | See note below.                           |
+  +------------+------------+-----------------------------+------------------------------------+-------------------------------------------+
 
 With the exception of ``R_<CLS>_COPY`` all dynamic relocations require that the place being relocated is an 8-byte aligned 64-bit data location in ELF64 or a 4-byte aligned 32-bit data location in ELF32.
 
@@ -1779,7 +1824,7 @@ Relocations ``R_AARCH64_TLS_DTPREL``, ``R_AARCH64_TLS_DTPMOD`` and ``R_AARCH64_T
 
 It is implementation defined whether ``R_<CLS>_TLS_IMPDEF1`` implements ``R_<CLS>_TLS_DTPREL`` and ``R_<CLS>_TLS_IMPDEF2`` implements ``R_<CLS>_TLS_DTPMOD`` or whether ``R_<CLS>_TLS_IMPDEF1`` implements ``R_<CLS>_TLS_DTPMOD`` and ``R_<CLS>_TLS_IMPDEF2`` implements ``R_<CLS>_TLS_DTPREL``; a platform must document its choice\ [#aaelf64-f1]_.
 
-``R\_<CLS>\_AUTH\_ABS64`` and ``R\_<CLS>\_AUTH\_RELATIVE`` are part of the PAuth ABI Extension. For details on the relocations and operations see `PAUTHABIELF64`_. Note that ``R\_<CLS>\_AUTH\_ABS64`` is both a static and a dynamic relocation.
+``R\_<CLS>\_AUTH\_ABS64``, ``R\_<CLS>\_AUTH\_RELATIVE``, ``R\_AARCH64\_AUTH\_GLOB\_DAT``, ``R\_AARCH64\_AUTH\_TLSDESC`` and ``R\_AARCH64\_AUTH\_IRELATIVE`` are part of the PAuth ABI Extension. For details on the relocations and operations see `PAUTHABIELF64`_. Note that ``R\_<CLS>\_AUTH\_ABS64`` is both a static and a dynamic relocation.
 
 Private and platform-specific relocations
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst
index f8fc6c7..6d69068 100644
--- a/pauthabielf64/pauthabielf64.rst
+++ b/pauthabielf64/pauthabielf64.rst
@@ -243,8 +243,11 @@ changes to the content of the document for that release.
   |            |                             | - Add R_AARCH64_AUTH_GOT_ADR_PREL_LO21 relocation.               |
   |            |                             | - Remove addend in GDAT relocation operation.                    |
   +------------+-----------------------------+------------------------------------------------------------------+
-  | 2024Q1     | 5\ :sup:`th` November 2024  | - Add static Auth TLSDESC generating relocations                 |
-  |            |                             | - Correct comment entry for R_AARCH64_AUTH_LD64_GOTOFF_LO15      |
+  | 2024Q1     | 5\ :sup:`th` November 2024  | - Add static Auth TLSDESC generating relocations.                |
+  |            |                             | - Correct comment entry for R_AARCH64_AUTH_LD64_GOTOFF_LO15.     |
+  +------------+-----------------------------+------------------------------------------------------------------+
+  | 2024Q1     | 29\ :sup:`th` November 2024 | - Move AUTH GOT generating relocations out of private experiment |
+  |            |                             |   Range.                                                         |
   +------------+-----------------------------+------------------------------------------------------------------+
 
 References
@@ -509,7 +512,7 @@ is RELRO then the GOT does not need to be signed.
 
 As a majority of platforms support RELRO and assuming a RELRO GOT
 simplifies the ABI, this document will assume an unsigned GOT. An
-optional appendix `Appendix thoughts on encoding a signing schema`_
+optional appendix `Appendix Signed GOT`_
 describes how a GOT can be signed.
 
 PLT GOT signing
@@ -1117,80 +1120,80 @@ The GOT entries must be relocated by AUTH variant dynamic relocations.
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
   | ELF 64 Code | Name                                   | Operation                              | Comment                  |
   +=============+========================================+========================================+==========================+
-  | 0x8110      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  | 0x245       | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
   |             |                                        |                                        | field to bits [15:0] of  |
   |             |                                        |                                        | X (see notes below)      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8111      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  | 0x246       | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G0\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
   |             |                                        |                                        | field to bits [15:0] of  |
   |             |                                        |                                        | X (see notes below)      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8112      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  | 0x247       | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
   |             |                                        |                                        | field to bits [31:16] of |
   |             |                                        |                                        | X (see notes below)      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8113      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  | 0x248       | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G1\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
   |             |                                        |                                        | field to bits [31:16] of |
   |             |                                        |                                        | X (see notes below)      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8114      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  | 0x249       | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
   |             |                                        |                                        | field to bits [47:32] of |
   |             |                                        |                                        | X (see notes below)      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8115      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  | 0x24a       | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G2\_NC | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
   |             |                                        |                                        | field to bits [47:32] of |
   |             |                                        |                                        | X (see notes below)      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8116      | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G3     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
+  | 0x24b       | R\_AARCH64\_AUTH\_MOVW\_GOTOFF\_G3     | G(ENCD(GDAT(S))) - GOT                 | Set a MOV[NZ] immediate  |
   |             |                                        |                                        | field to bits [63:48] of |
   |             |                                        |                                        | X (see notes below)      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8117      | R\_AARCH64\_AUTH\_GOT\_LD\_PREL19      | G(ENCD(GDAT(S))) - P                   | Set a load-literal im-   |
+  | 0x24c       | R\_AARCH64\_AUTH\_GOT\_LD\_PREL19      | G(ENCD(GDAT(S))) - P                   | Set a load-literal im-   |
   |             |                                        |                                        | mediate field to bits    |
   |             |                                        |                                        | [20:2] of X; check       |
   |             |                                        |                                        | –2\ :sup:`20` <=         |
   |             |                                        |                                        | X < 2 \ :sup:`20`        |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8118      | R\_AARCH64\_AUTH\_LD64\_GOTOFF\_LO15   | G(ENCD(GDAT(S))) - GOT                 | Set a LD/ST immediate    |
+  | 0x24d       | R\_AARCH64\_AUTH\_LD64\_GOTOFF\_LO15   | G(ENCD(GDAT(S))) - GOT                 | Set a LD/ST immediate    |
   |             |                                        |                                        | field to bits [14:3] of  |
   |             |                                        |                                        | X. check that 0 <= X <   |
   |             |                                        |                                        | 2\ :sup:`15`, X&7 = 0    |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8119      | R\_AARCH64\_AUTH\_ADR\_GOT\_PAGE       | G(ENCD(GDAT(S))) - Page(P)             | Set the immediate        |
+  | 0x24e       | R\_AARCH64\_AUTH\_ADR\_GOT\_PAGE       | G(ENCD(GDAT(S))) - Page(P)             | Set the immediate        |
   |             |                                        |                                        | value of an ADRP         |
   |             |                                        |                                        | to bits [32:12] of X;    |
   |             |                                        |                                        | check that –2\ :sup:`32` |
   |             |                                        |                                        | <= X < 2\ :sup:`32`      |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x811A      | R\_AARCH64\_AUTH\_LD64\_GOT\_LO12_NC   | G(ENCD(GDAT(S)))                       | Set the LD/ST immediate  |
+  | 0x24f       | R\_AARCH64\_AUTH\_LD64\_GOT\_LO12_NC   | G(ENCD(GDAT(S)))                       | Set the LD/ST immediate  |
   |             |                                        |                                        | field to bits [11:3] of  |
   |             |                                        |                                        | X. No overflow check;    |
   |             |                                        |                                        | check that X&7 = 0       |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x811B      | R\_AARCH64\_AUTH\_LD64\_GOTPAGE\_LO15  | G(ENCD(GDAT(S))) - Page(GOT)           | Set the LD/ST immediate  |
+  | 0x250       | R\_AARCH64\_AUTH\_LD64\_GOTPAGE\_LO15  | G(ENCD(GDAT(S))) - Page(GOT)           | Set the LD/ST immediate  |
   |             |                                        |                                        | field to bits [14:3] of  |
   |             |                                        |                                        | X; check that 0 <= X  <  |
   |             |                                        |                                        | 2\ :sup:`15`             |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x811C      | R\_AARCH64\_AUTH\_GOT\_ADD_LO12_NC     | G(ENCD(GDAT(S)))                       | Set an ADD immediate     |
+  | 0x251       | R\_AARCH64\_AUTH\_GOT\_ADD_LO12_NC     | G(ENCD(GDAT(S)))                       | Set an ADD immediate     |
   |             |                                        |                                        | value to bits [11:0] of  |
   |             |                                        |                                        | X. No overflow check.    |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x811D      | R\_AARCH64\_AUTH\_GOT\_ADR\_PREL\_LO21 | G(ENCD(GDAT(S))) - P                   | Set the immediate        |
+  | 0x252       | R\_AARCH64\_AUTH\_GOT\_ADR\_PREL\_LO21 | G(ENCD(GDAT(S))) - P                   | Set the immediate        |
   |             |                                        |                                        | value to bits[20:0] of X;|
   |             |                                        |                                        | check that -2 :sup:`20`  |
   |             |                                        |                                        | <= 2 :sup: `20`          |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x811E      | R\_AARCH64\_AUTH\_TLSDESC\_ADR\_PAGE21 | Page(G(ENCD(GTLSDESC(S)))) - Page(P)   | Set an ADRP immediate    |
+  | 0x253       | R\_AARCH64\_AUTH\_TLSDESC\_ADR\_PAGE21 | Page(G(ENCD(GTLSDESC(S)))) - Page(P)   | Set an ADRP immediate    |
   |             |                                        |                                        | field to bits [32:12] of |
   |             |                                        |                                        | X; check –2\ :sup:`20`   |
   |             |                                        |                                        | <= X < 2 \ :sup:`20`     |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x811F      | R\_AARCH64\_AUTH\_TLSDESC\_LD64\_LO12  | G(ENCD(GTLSDESC(S)))                   | Set an LD offset to bits |
+  | 0x254       | R\_AARCH64\_AUTH\_TLSDESC\_LD64\_LO12  | G(ENCD(GTLSDESC(S)))                   | Set an LD offset to bits |
   |             |                                        |                                        | [11:3] of X. No overflow |
   |             |                                        |                                        | check; check X&7 = 0.    |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
-  | 0x8120      | R\_AARCH64\_AUTH\_TLSDESC\_ADD\_LO12   | G(ENCD(GTLSDESC(S)))                   | Set an ADD immediate     |
+  | 0x255       | R\_AARCH64\_AUTH\_TLSDESC\_ADD\_LO12   | G(ENCD(GTLSDESC(S)))                   | Set an ADD immediate     |
   |             |                                        |                                        | field to bits [11:0] of  |
   |             |                                        |                                        | X. No overflow check.    |
   +-------------+----------------------------------------+----------------------------------------+--------------------------+
@@ -1220,11 +1223,11 @@ The ``R_AARCH64_AUTH_GOT_ADR_PREL_LO21`` relocation is used with the
   +--------------------+------------------------------+------------------------------------+
   | Relocation code    | Name                         | Operation                          |
   +====================+==============================+====================================+
-  | 0xE201             | R\_AARCH64\_AUTH\_GLOB\_DAT  | SIGN((S + A), SCHEMA(\*P))         |
+  | 0x412              | R\_AARCH64\_AUTH\_GLOB\_DAT  | SIGN((S + A), SCHEMA(\*P))         |
   +--------------------+------------------------------+------------------------------------+
-  | 0xE202             | R\_AARCH64\_AUTH\_TLSDESC    | SIGN(TLSDESC(S + A), SCHEMA(\*P))  |
+  | 0x413              | R\_AARCH64\_AUTH\_TLSDESC    | SIGN(TLSDESC(S + A), SCHEMA(\*P))  |
   +--------------------+------------------------------+------------------------------------+
-  | 0xE203             | R\_AARCH64\_AUTH\_IRELATIVE  | SIGN(Indirect(S + A), SCHEMA(\*P)) |
+  | 0x414              | R\_AARCH64\_AUTH\_IRELATIVE  | SIGN(Indirect(S + A), SCHEMA(\*P)) |
   +--------------------+------------------------------+------------------------------------+
 
 Compatibility between relocatable object files