From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web11.9007.1675426280399303353
 for <devel@edk2.groups.io>;
 Fri, 03 Feb 2023 04:11:20 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RWNRT8n/;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 00D8F61F0E;
	Fri,  3 Feb 2023 12:11:20 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 15DD3C4339C;
	Fri,  3 Feb 2023 12:11:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1675426279;
	bh=sFm0PIs+XFUp+7PBT06tQ1aFRznYMwKTVl0WIFOyC+4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=RWNRT8n/w33bgtDTFwAxDNqMdACc6aZ5vAsTezPs3RBd+4bhxTIggGB12LOfr2j7T
	 qk4JQsYYb2A9kG4ZJGQm4YqKt2H0ZW2SazXCyiEw8E7MKP1DSoqpdmoFPcNZreX6Py
	 glWjKYwki+g+JXhggFQMnvIM/kJmrdY3mM0iWOuQJyagBusUzxNu0hvFhm1LnkCheP
	 gza429k5MweiDmE5cKa3h40b7mIdzDxpbTURX8Gt+Pq38mPkPkfioK9E3YXVGRCXea
	 R1nv4/78rCAL5Z7ndv/+CkBRRCQVO4Nv8lv75/08iilwgvMlqF8XOoZ+eWwlP5BuLW
	 LvymheJUbCO3Q==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	=?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>
Subject: [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions
Date: Fri,  3 Feb 2023 13:10:29 +0100
Message-Id: <20230203121029.2451394-8-ardb@kernel.org>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org>
References: <20230203121029.2451394-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Add a build option RUNTIME_BTI_ENABLE, and wire it up to the command
line options passed to the compiler to get it to emit BTI landing pads
into all modules. Note that runtime DXE modules may incorporate
libraries of type BASE, UEFI_DRIVER or DXE_DRIVER, so the only safe
option here is to apply the command line option to all types.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 74d98e6314c4..9cb37f3d46a3 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -10,6 +10,7 @@
 =0D
 [Defines]=0D
   DEFINE DEBUG_PRINT_ERROR_LEVEL =3D 0x8000004F=0D
+  DEFINE RUNTIME_BTI_ENABLE      =3D FALSE=0D
 =0D
 !if $(TARGET) !=3D NOOPT=0D
   DEFINE FD_SIZE_IN_MB    =3D 2=0D
@@ -33,6 +34,11 @@ [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000=0D
   GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x10000=0D
 =0D
+[BuildOptions]=0D
+!if $(RUNTIME_BTI_ENABLE) =3D=3D TRUE=0D
+  GCC:*_*_AARCH64_CC_FLAGS =3D -mbranch-protection=3Dbti=0D
+!endif=0D
+=0D
 [LibraryClasses.common]=0D
 !if $(TARGET) =3D=3D RELEASE=0D
   DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf=0D
--=20
2.39.1