From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <01020186175b9ead-b4db5675-809a-4d71-8b17-9a24368bd053-000000@eu-west-1.amazonses.com>
Date: Fri, 3 Feb 2023 12:58:45 +0000
Subject: Re: [edk2-devel] [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions
To: devel@edk2.groups.io, ardb@kernel.org
Cc: Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe, Marvin Häuser
References: <20230203121029.2451394-1-ardb@kernel.org> <20230203121029.2451394-8-ardb@kernel.org> <0102018617449762-c2f2f6c3-1532-41d5-ae76-d7c63ee61d49-000000@eu-west-1.amazonses.com>
From: "Michael Brown"

On 03/02/2023 12:55, Ard Biesheuvel wrote:
>> Question: as a producer of externally loaded UEFI binaries (e.g.
>> ipxe.efi): what would I need to do to take advantage of BTI?
>>
>> I'm assuming:
>>
>> - enable -mbranch-protection=bti in my builds (easy)
>>
>> - wait for PE/COFF specification change and then update my produced
>> images to include whatever flag gets decided upon.
>>
>> Is that correct?
>
> First of all, in case you missed this, the series in question only
> covers runtime DXE drivers, i.e., the code that persists after
> ExitBootServices() and gets mapped by the OS and called to access the
> variable store. So iPXE should not be affected at all by these
> changes.

I was not paying close attention to this patch series and had missed
that detail: thank you for clarifying.

> So to answer your question: yes.

Thank you!

Michael