From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <0102018617449762-c2f2f6c3-1532-41d5-ae76-d7c63ee61d49-000000@eu-west-1.amazonses.com>
Date: Fri, 3 Feb 2023 12:33:36 +0000
Subject: Re: [edk2-devel] [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions
To: devel@edk2.groups.io, ardb@kernel.org
Cc: Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe, Marvin Häuser
References: <20230203121029.2451394-1-ardb@kernel.org> <20230203121029.2451394-8-ardb@kernel.org>
From: "Michael Brown"
In-Reply-To: <20230203121029.2451394-8-ardb@kernel.org>

On 03/02/2023 12:10, Ard Biesheuvel wrote:
> +[BuildOptions]
> +!if $(RUNTIME_BTI_ENABLE) == TRUE
> + GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
> +!endif

Question: as a producer of externally loaded UEFI binaries (e.g.
ipxe.efi): what would I need to do to take advantage of BTI?

I'm assuming:

- enable -mbranch-protection=bti in my builds (easy)

- wait for PE/COFF specification change and then update my produced
  images to include whatever flag gets decided upon.

Is that correct?

Thanks,

Michael
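
Review bot: The unqualified [BuildOptions] section in the quoted hunk applies -mbranch-protection=bti to every AARCH64 module the platform builds, while the patch subject scopes the feature to runtime regions. If only runtime drivers are meant to carry BTI landing pads, a module-type-qualified section such as [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] would keep the flag there; if building everything with BTI is intended, a comment above the !if line saying so would help. The override also sets only CC_FLAGS, so hand-written assembly that is reached through indirect branches gets no landing pads from this hunk and needs explicit bti instructions.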