From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.31884.1679914893223864427
 for <devel@edk2.groups.io>;
 Mon, 27 Mar 2023 04:01:33 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rM2LoAk1;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 9797E611A0;
	Mon, 27 Mar 2023 11:01:32 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77D54C433EF;
	Mon, 27 Mar 2023 11:01:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1679914892;
	bh=+CKMYTqvRl6zptKG18T+kky8+LDqqEinS3b5oW9TdjA=;
	h=From:To:Cc:Subject:Date:From;
	b=rM2LoAk1IO8MFb17JexlDSS1TbVUToaBEFnm2Lky+e/kcDJxEPGaPt91x+066x3BF
	 zzdX0tZLeL2Xm103iBzZYQ3LJxinch7hPSXO4AC9CGAMtv2xFKra5xA7D29mR5kR94
	 E5d2Htv03oMe+CGiMjg3JzZaXJUN1Qycm1K2xqA18Pyk0N8w8wResZGyMp6R9cih4E
	 nIb7hRjVr9iRqbr/eS5iKSxH2TNRiDO3mzYkKumnUSlax/6NZ4wwandmBQjGIxbHlv
	 R8s7/1PMCxUxlMvX9B0FWwXYtlo5ix9ZZ34eYNvZ4E9Qt7+JTw0imi5KOeKDrEVRAe
	 XlGUfkqFNJ1oA==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	=?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Bob Feng <bob.c.feng@intel.com>
Subject: [PATCH v2 00/17] Enable BTI support in memory attributes table
Date: Mon, 27 Mar 2023 13:00:55 +0200
Message-Id: <20230327110112.262503-1-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Implement version 2 of the memory attributes table, which now contains a=0D
flag informing the OS whether or not code regions may be mapped with CFI=0D
mitigations such as IBT or BTI enabled.=0D
=0D
This series covers roughly the following parts:=0D
=0D
- (AARCH64) Annotate ELF objects generated from asm as BTI compatible=0D
  when BTI codegen is enabled=0D
- Update the BaseTools to emit the appropriate PE/COFF annotation when a=0D
  BTI/IBT compatible ELF executable is converted to PE/COFF=0D
- Take this PE/COFF annotation into account when populating the memory=0D
  attributes table in the DXE core=0D
=0D
TODO:=0D
- X64 changes to make the code IBT compatible and emit the ELF note=0D
- Figure out how to generate such executables with native PE toolchains=0D
- Implement BTI/IBT enforcement at boot time - this is something I=0D
  intend to look into next.=0D
=0D
Can be tested with the CLANG38 toolchain (both Clang compiler and LLD=0D
linker, version 3.8 or newer) with the following build options.=0D
=0D
[BuildOptions]=0D
  GCC:*_*_AARCH64_PP_FLAGS =3D -mbranch-protection=3Dbti=0D
  GCC:*_*_AARCH64_CC_FLAGS =3D -mbranch-protection=3Dbti=0D
  GCC:*_*_AARCH64_DLINK_FLAGS =3D -fuse-ld=3Dlld -Wl,--no-relax,--no-pie,-z=
,bti-report=3Derror=0D
=0D
Cc: Michael Kinney <michael.d.kinney@intel.com>=0D
Cc: Liming Gao <gaoliming@byosoft.com.cn>=0D
Cc: Jiewen Yao <jiewen.yao@intel.com>=0D
Cc: Michael Kubacki <michael.kubacki@microsoft.com>=0D
Cc: Sean Brogan <sean.brogan@microsoft.com>=0D
Cc: Rebecca Cran <quic_rcran@quicinc.com>=0D
Cc: Leif Lindholm <quic_llindhol@quicinc.com>=0D
Cc: Sami Mujawar <sami.mujawar@arm.com>=0D
Cc: Taylor Beebe <t@taylorbeebe.com>=0D
Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>=0D
Cc: Bob Feng <bob.c.feng@intel.com>=0D
=0D
Ard Biesheuvel (17):=0D
  MdePkg/ProcessorBind AARCH64: Add asm macro to emit GNU BTI note=0D
  MdePkg/BaseCpuLib AARCH64: Make asm files BTI compatible=0D
  MdePkg/BaseIoLibIntrinsic AARCH64: Make asm files BTI compatible=0D
  MdePkg/BaseLib AARCH64: Make LongJump() BTI compatible=0D
  MdePkg/BaseLib AARCH64: Make asm files BTI compatible=0D
  MdePkg/BaseMemoryLibOptDxe AARCH64: Make asm files BTI compatible=0D
  MdePkg/BaseSynchronizationLib AARCH64: Make asm files BTI compatible=0D
  MdePkg/BaseRngLib AARCH64: Make asm files BTI compatible=0D
  ArmPkg: Emit BTI opcodes when BTI codegen is enabled=0D
  ArmPkg/GccLto AARCH64: Add BTI note to LTO helper library=0D
  ArmPkg, BaseTools AARCH64: Add BTI ELF note to .hii objects=0D
  ArmPlatformPkg/PrePeiCore: Make vector table object BTI compatible=0D
  BaseTools/GenFw: Parse IBT/BTI support status from ELF note=0D
  BaseTools/GenFw: Add DllCharacteristicsEx field to debug data=0D
  MdePkg: Update MemoryAttributesTable to v2.10=0D
  MdePkg/PeCoffLib: Capture DLL characteristics fieldis in image context=0D
  MdeModulePkg: Enable forward edge CFI in mem attributes table=0D
=0D
 ArmPkg/Include/AsmMacroIoLibV8.h                                |   3 +-=0D
 ArmPkg/Library/ArmExceptionLib/AArch64/ExceptionSupport.S       |   3 +-=0D
 ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S                       |   4 +-=0D
 ArmPkg/Library/GccLto/liblto-aarch64.a                          | Bin 1016=
 -> 1128 bytes=0D
 ArmPkg/Library/GnuNoteBti.bin                                   | Bin 0 ->=
 32 bytes=0D
 ArmPlatformPkg/PrePeiCore/AArch64/Exception.S                   |   2 +=0D
 ArmVirtPkg/Library/ArmPlatformLibQemu/IdMap.S                   |   2 +=0D
 BaseTools/Conf/tools_def.template                               |   4 +-=0D
 BaseTools/Source/C/GenFw/Elf64Convert.c                         | 104 ++++=
+++++++++++++---=0D
 BaseTools/Source/C/GenFw/GenFw.c                                |   3 +-=0D
 BaseTools/Source/C/GenFw/elf_common.h                           |   9 ++=0D
 BaseTools/Source/C/Include/IndustryStandard/PeImage.h           |  13 ++-=
=0D
 MdeModulePkg/Core/Dxe/DxeMain.h                                 |   2 +=0D
 MdeModulePkg/Core/Dxe/Image/Image.c                             |  10 ++=0D
 MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c              |   8 +-=0D
 MdePkg/Include/AArch64/ProcessorBind.h                          |  31 ++++=
++=0D
 MdePkg/Include/Guid/MemoryAttributesTable.h                     |   8 +-=0D
 MdePkg/Include/IndustryStandard/PeImage.h                       |  13 ++-=
=0D
 MdePkg/Include/Library/PeCoffLib.h                              |   6 ++=0D
 MdePkg/Library/BaseCpuLib/AArch64/CpuFlushTlb.S                 |   1 +=0D
 MdePkg/Library/BaseCpuLib/AArch64/CpuSleep.S                    |   1 +=0D
 MdePkg/Library/BaseIoLibIntrinsic/AArch64/ArmVirtMmio.S         |   8 ++=0D
 MdePkg/Library/BaseLib/AArch64/CpuBreakpoint.S                  |   1 +=0D
 MdePkg/Library/BaseLib/AArch64/DisableInterrupts.S              |   1 +=0D
 MdePkg/Library/BaseLib/AArch64/EnableInterrupts.S               |   1 +=0D
 MdePkg/Library/BaseLib/AArch64/GetInterruptsState.S             |   1 +=0D
 MdePkg/Library/BaseLib/AArch64/MemoryFence.S                    |   1 +=0D
 MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S                |   5 +-=0D
 MdePkg/Library/BaseLib/AArch64/SpeculationBarrier.S             |   1 +=0D
 MdePkg/Library/BaseLib/AArch64/SwitchStack.S                    |   2 +=0D
 MdePkg/Library/BaseMemoryLibOptDxe/AArch64/CompareGuid.S        |   1 +=0D
 MdePkg/Library/BaseMemoryLibOptDxe/AArch64/CompareMem.S         |   1 +=0D
 MdePkg/Library/BaseMemoryLibOptDxe/AArch64/CopyMem.S            |   1 +=0D
 MdePkg/Library/BaseMemoryLibOptDxe/AArch64/ScanMem.S            |   1 +=0D
 MdePkg/Library/BaseMemoryLibOptDxe/AArch64/SetMem.S             |   5 +=0D
 MdePkg/Library/BasePeCoffLib/BasePeCoff.c                       |  46 ++++=
++---=0D
 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S              |   3 +-=0D
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S                      |   1 +=0D
 MdePkg/Library/BaseSynchronizationLib/AArch64/Synchronization.S |   5 +=0D
 39 files changed, 270 insertions(+), 42 deletions(-)=0D
 create mode 100644 ArmPkg/Library/GnuNoteBti.bin=0D
=0D
-- =0D
2.39.2=0D
=0D