From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: "Ard Biesheuvel" <ardb@kernel.org>,
"Michael Kinney" <michael.d.kinney@intel.com>,
"Liming Gao" <gaoliming@byosoft.com.cn>,
"Jiewen Yao" <jiewen.yao@intel.com>,
"Michael Kubacki" <michael.kubacki@microsoft.com>,
"Sean Brogan" <sean.brogan@microsoft.com>,
"Rebecca Cran" <quic_rcran@quicinc.com>,
"Leif Lindholm" <quic_llindhol@quicinc.com>,
"Sami Mujawar" <sami.mujawar@arm.com>,
"Taylor Beebe" <t@taylorbeebe.com>,
"Marvin Häuser" <mhaeuser@posteo.de>
Subject: [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions
Date: Fri, 3 Feb 2023 13:10:29 +0100 [thread overview]
Message-ID: <20230203121029.2451394-8-ardb@kernel.org> (raw)
In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org>
Add a build option RUNTIME_BTI_ENABLE, and wire it up to the command
line options passed to the compiler to get it to emit BTI landing pads
into all modules. Note that runtime DXE modules may incorporate
libraries of type BASE, UEFI_DRIVER or DXE_DRIVER, so the only safe
option here is to apply the command line option to all types.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 74d98e6314c4..9cb37f3d46a3 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -10,6 +10,7 @@
[Defines]
DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
+ DEFINE RUNTIME_BTI_ENABLE = FALSE
!if $(TARGET) != NOOPT
DEFINE FD_SIZE_IN_MB = 2
@@ -33,6 +34,11 @@ [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000
GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000
+[BuildOptions]
+!if $(RUNTIME_BTI_ENABLE) == TRUE
+ GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
+!endif
+
[LibraryClasses.common]
!if $(TARGET) == RELEASE
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
--
2.39.1
next prev parent reply other threads:[~2023-02-03 12:11 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-03 12:10 [RFC PATCH v2 0/7] enable IBT/BTI codegen and reporting to the OS Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 1/7] MdePkg: Update MemoryAttributesTable to v2.10 Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 2/7] MdePkg/BasePeCoffLib: Move RISC-V definitions out of generic header Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 3/7] MdePkg/BasePeCoffLib: Clean up stale Itanium references in comments Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 4/7] MdePkg/BasePeCoffLib: Add generic plumbing to detect IBT/BTI support Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 5/7] MdePkg/BasePeCoffLib AARCH64: Implement fwd control flow guard detection Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 6/7] MdeModulePkg: Enable forward edge CFI in mem attributes table Ard Biesheuvel
2023-02-03 12:10 ` Ard Biesheuvel [this message]
2023-02-03 12:33 ` [edk2-devel] [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions Michael Brown
2023-02-03 12:55 ` Ard Biesheuvel
2023-02-03 12:58 ` Michael Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230203121029.2451394-8-ardb@kernel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox