From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
Michael Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Jiewen Yao <jiewen.yao@intel.com>,
Michael Kubacki <michael.kubacki@microsoft.com>,
Sean Brogan <sean.brogan@microsoft.com>,
Rebecca Cran <quic_rcran@quicinc.com>,
Leif Lindholm <quic_llindhol@quicinc.com>,
Sami Mujawar <sami.mujawar@arm.com>,
Taylor Beebe <t@taylorbeebe.com>
Subject: [RFC PATCH 3/3] ArmVirtPkg/ArmVirtQemu: Implement BTI for runtime regions
Date: Thu, 2 Feb 2023 19:03:35 +0100
Message-ID: <20230202180335.2256160-4-ardb@kernel.org>
In-Reply-To: <20230202180335.2256160-1-ardb@kernel.org>
Add a build option RUNTIME_BTI_ENABLE, and wire it up to the newly added
PCD that controls the value of the BTI flag in the memory attributes
table, as well as the command line options passed to the compiler to get
it to emit BTI landing pads in BASE and DXE_RUNTIME_DRIVER modules.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
ArmVirtPkg/ArmVirtQemu.dsc | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 0f1c6395488a..0a67fe250d86 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -32,6 +32,7 @@ [Defines]
DEFINE TPM2_ENABLE = FALSE
DEFINE TPM2_CONFIG_ENABLE = FALSE
DEFINE CAVIUM_ERRATUM_27456 = FALSE
+ DEFINE RUNTIME_BTI_ENABLE = TRUE
#
# Network definition
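Review bot: `DEFINE RUNTIME_BTI_ENABLE = TRUE` switches the feature on by default, unlike the neighbouring options in this [Defines] block (TPM2_ENABLE, TPM2_CONFIG_ENABLE, CAVIUM_ERRATUM_27456), which all default to FALSE. This one macro both changes code generation for runtime modules and sets the BTI flag reported in the memory attributes table, so an on-by-default setting affects every build of this platform. Consider defaulting it to FALSE for the RFC, or say in the commit message why TRUE is the intended default.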
@@ -124,6 +125,11 @@ [BuildOptions]
GCC:*_*_AARCH64_CC_XIPFLAGS ==
!endif
+!if $(RUNTIME_BTI_ENABLE) == TRUE
+[BuildOptions.common.BASE,BuildOptions.common.DXE_RUNTIME_DRIVER]
+ GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
+!endif
+
!include NetworkPkg/NetworkBuildOptions.dsc.inc
################################################################################
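Review bot: the new section header `[BuildOptions.common.BASE,BuildOptions.common.DXE_RUNTIME_DRIVER]` is opened inside the `!if`, so when RUNTIME_BTI_ENABLE is TRUE the `!include NetworkPkg/NetworkBuildOptions.dsc.inc` that follows is parsed under this module-type-scoped section, and under the plain [BuildOptions] section when the macro is FALSE (unless the include opens a section of its own). Placing the new block after the include, or before the first option of [BuildOptions], would keep the scope of the network build options independent of this macro. Separately, the flag is added only under the `GCC:` prefix, while the PCD set later in this patch follows the macro alone; a short comment stating which toolchains are expected to honour `-mbranch-protection=bti` would help.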
@@ -148,6 +154,8 @@ [PcdsFeatureFlag.common]
[PcdsFixedAtBuild.common]
!if $(ARCH) == AARCH64
gArmTokenSpaceGuid.PcdVFPEnabled|1
+
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryAttributesTableForwardCfi|$(RUNTIME_BTI_ENABLE)
!endif
gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x4007c000
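Review bot: `PcdMemoryAttributesTableForwardCfi|$(RUNTIME_BTI_ENABLE)` takes the raw macro value, whereas the compiler flag in the [BuildOptions] hunk is gated on `$(RUNTIME_BTI_ENABLE) == TRUE`. If the macro is overridden on the command line with a value that is not the literal TRUE but that the PCD still accepts as true, the memory attributes table would advertise BTI for runtime regions whose code was built without landing pads. Suggest wrapping this line in the same `!if $(RUNTIME_BTI_ENABLE) == TRUE` test and assigning TRUE explicitly, so the advertised flag and the code generation cannot diverge. The added blank line before the PCD could also be dropped to match the surrounding entries.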
--
2.39.1