Re: [edk2-devel] [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Ard Biesheuvel" <ardb@kernel.org>
To: Michael Brown <mcb30@ipxe.org>
Cc: devel@edk2.groups.io,
	"Michael Kinney" <michael.d.kinney@intel.com>,
	"Liming Gao" <gaoliming@byosoft.com.cn>,
	"Jiewen Yao" <jiewen.yao@intel.com>,
	"Michael Kubacki" <michael.kubacki@microsoft.com>,
	"Sean Brogan" <sean.brogan@microsoft.com>,
	"Rebecca Cran" <quic_rcran@quicinc.com>,
	"Leif Lindholm" <quic_llindhol@quicinc.com>,
	"Sami Mujawar" <sami.mujawar@arm.com>,
	"Taylor Beebe" <t@taylorbeebe.com>,
	"Marvin Häuser" <mhaeuser@posteo.de>
Subject: Re: [edk2-devel] [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions
Date: Fri, 3 Feb 2023 13:55:57 +0100	[thread overview]
Message-ID: <CAMj1kXGnBi-o_oNV+BwUmK947M6wt_ObAjX-e7S75rGHEcx9Pw@mail.gmail.com> (raw)
In-Reply-To: <0102018617449762-c2f2f6c3-1532-41d5-ae76-d7c63ee61d49-000000@eu-west-1.amazonses.com>

On Fri, 3 Feb 2023 at 13:33, Michael Brown <mcb30@ipxe.org> wrote:
>
> On 03/02/2023 12:10, Ard Biesheuvel wrote:
> > +[BuildOptions]
> > +!if $(RUNTIME_BTI_ENABLE) == TRUE
> > +  GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
> > +!endif
>
> Question: as a producer of externally loaded UEFI binaries (e.g.
> ipxe.efi): what would I need to do to take advantage of BTI?
>
> I'm assuming:
>
> - enable -mbranch-protection=bti in my builds (easy)
>
> - wait for PE/COFF specification change and then update my produced
> images to include whatever flag gets decided upon.
>
> Is that correct?
>

First of all, in case you missed this, the series in question only
covers runtime DXE drivers, i.e., the code that persists after
ExitBootServices() and gets mapped by the OS and called to access the
variable store. So iPXE should not be affected at all by these
changes.

So building your code with branch protection enabled is not going to
have any benefit until we decide how to deploy this at boot time, and
I think the conclusion on this thread is already that the only
meaningful way to do this is to introduce a PE/COFF image flag that
indicates whether or not a certain image was built with indirect
branch protection.

I could also imagine that, at boot time, it would be feasible to apply
these protections at image granularity, rather than as a global
switch, given that (at least on ARM) these mitigations can be enabled
on a per-page basis, and there is no need to turn it off completely
when, say, the GOP driver on the video card does not support it.

I am not aware of any discussion around this, though - I hope we can
get the right folks at MS involved to drive the PE/COFF side of this
and then, I am more than happy to take (joint) ownership of this on
the Tianocore side, and hammer something out that works for everyone.

Jiewen, Mike; could you comment on the IBT side? Does x86 permit IBT
enforcement on a per-page basis as well? Could we feasibly add this to
the code/data rx/rw remapping code, to enable indirect branch
protection as each image is loaded by the DXE core?

So to answer your question: yes.

next prev parent reply	other threads:[~2023-02-03 12:56 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-03 12:10 [RFC PATCH v2 0/7] enable IBT/BTI codegen and reporting to the OS Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 1/7] MdePkg: Update MemoryAttributesTable to v2.10 Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 2/7] MdePkg/BasePeCoffLib: Move RISC-V definitions out of generic header Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 3/7] MdePkg/BasePeCoffLib: Clean up stale Itanium references in comments Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 4/7] MdePkg/BasePeCoffLib: Add generic plumbing to detect IBT/BTI support Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 5/7] MdePkg/BasePeCoffLib AARCH64: Implement fwd control flow guard detection Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 6/7] MdeModulePkg: Enable forward edge CFI in mem attributes table Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions Ard Biesheuvel
2023-02-03 12:33   ` [edk2-devel] " Michael Brown
2023-02-03 12:55     ` Ard Biesheuvel [this message]
2023-02-03 12:58       ` Michael Brown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMj1kXGnBi-o_oNV+BwUmK947M6wt_ObAjX-e7S75rGHEcx9Pw@mail.gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox