From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web11.1552.1675361035939996971
 for <devel@edk2.groups.io>;
 Thu, 02 Feb 2023 10:03:56 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZelgYYVH;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 7D1F361C43;
	Thu,  2 Feb 2023 18:03:55 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B022DC4339C;
	Thu,  2 Feb 2023 18:03:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1675361034;
	bh=r/IgtSSChPVzXxrLoahy9bW0w4hJ+b/Mo2RvPXvVm7I=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ZelgYYVHZGOLNa91j1DAUbcycLFoTlYN3N7X/dqrtWcYk5/7RGON/i5YQPYTgD61p
	 HVIyhirqkIk8l9qd3B74UitIE0Pzapq5bPZR16REBAWldGhhF+wGqryNT0Qz3C3GNQ
	 0heWxI50rnD+emuNV134v7V3hLc42ZUK0P03LFpmWx/kBDuX8AjfIOduC/o13mU4xY
	 HiCCq7FZvTX0DDtjClSB3UM1+hxiBfgbstH83VInCCheN87B5vcr9Mrz5BgsPdXu0K
	 c8zeQaLMtyEGZe1cccUlpZ1t/VyYioSS/L+oC2uFX2cvYX9ETaurLu54tmckXiu4/y
	 vyAjaTe5KjIeg==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [RFC PATCH 3/3] ArmVirtPkg/ArmVirtQemu: Implement BTI for runtime regions
Date: Thu,  2 Feb 2023 19:03:35 +0100
Message-Id: <20230202180335.2256160-4-ardb@kernel.org>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230202180335.2256160-1-ardb@kernel.org>
References: <20230202180335.2256160-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Add a build option RUNTIM_BTI_ENABLE, and wire it up to the newly added
PCD that controls the value of the BTI flag in the memory attributes
table, as well as the command line options passed to the compiler to get
it to emit BTI landing pads in BASE and DXE_RUNTIME_DRIVER modules.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmVirtPkg/ArmVirtQemu.dsc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 0f1c6395488a..0a67fe250d86 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -32,6 +32,7 @@ [Defines]
   DEFINE TPM2_ENABLE             =3D FALSE=0D
   DEFINE TPM2_CONFIG_ENABLE      =3D FALSE=0D
   DEFINE CAVIUM_ERRATUM_27456    =3D FALSE=0D
+  DEFINE RUNTIME_BTI_ENABLE      =3D TRUE=0D
 =0D
   #=0D
   # Network definition=0D
@@ -124,6 +125,11 @@ [BuildOptions]
   GCC:*_*_AARCH64_CC_XIPFLAGS =3D=3D=0D
 !endif=0D
 =0D
+!if $(RUNTIME_BTI_ENABLE) =3D=3D TRUE=0D
+[BuildOptions.common.BASE,BuildOptions.common.DXE_RUNTIME_DRIVER]=0D
+  GCC:*_*_AARCH64_CC_FLAGS =3D -mbranch-protection=3Dbti=0D
+!endif=0D
+=0D
 !include NetworkPkg/NetworkBuildOptions.dsc.inc=0D
 =0D
 ##########################################################################=
######=0D
@@ -148,6 +154,8 @@ [PcdsFeatureFlag.common]
 [PcdsFixedAtBuild.common]=0D
 !if $(ARCH) =3D=3D AARCH64=0D
   gArmTokenSpaceGuid.PcdVFPEnabled|1=0D
+=0D
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryAttributesTableForwardCfi|$(RUNT=
IME_BTI_ENABLE)=0D
 !endif=0D
 =0D
   gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x4007c000=0D
--=20
2.39.1