Change BKPT and UDF encodings on ARM.

src/trusted/validator_arm/model.h

Index: src/trusted/validator_arm/model.h
diff --git a/src/trusted/validator_arm/model.h b/src/trusted/validator_arm/model.h
index ef66daa5b1770533fe9b48154afa066093f433a8..3e2073edc94c06718281cc27a25214095110b43d 100644
--- a/src/trusted/validator_arm/model.h
+++ b/src/trusted/validator_arm/model.h
@@ -256,8 +256,19 @@ static const int kArm32InstSize = 32;
 // The number of bits in a word of a THUMB instruction.
 static const int kThumbWordSize = 16;
 
-// BKPT #0x7777 is used as literal pool head.
-static const uint32_t kLiteralPoolHeadInstruction = 0xE1277777;
+// Specially chosen BKPT and UDF instructions that also correspond to
+// BKPT and UDF when decoded as Thumb instructions.
+//  - BKPT #0x5BE0 is used as literal pool head.
+//  - BKPT #0x5BEF is used as our generic breakpoint.
+//  - UDF #0xEDEF is used as halt-fill.
+//  - UDF #0xEDE0 is used as abort-now (such as __builtin_trap).
+//  - UDF #0xEDE1 is used to always fail validation.
+// All other values are disallowed by the validator out of paranoia.
+static const uint32_t kLiteralPoolHeadInstruction = 0xE125BE70;
+static const uint32_t kBreakpoint = 0xE125BE7F;
+static const uint32_t kHaltFill = 0xE7FEDEFF;
+static const uint32_t kAbortNow = 0xE7FEDEF0;
+static const uint32_t kFailValidation = 0xE7FEDEF1;
 
 // Models an instruction, either a 32-bit ARM instruction of unspecified type,
 // or one word (16-bit) and two word (32-bit) THUMB instructions.