回复: [edk2-devel] [PATCH v3 0/4] Enable BTI support in memory attributes table

gaoliming via groups.io gaoliming=byosoft.com.cn at groups.io
Thu Apr 6 01:33:53 UTC 2023 

Ard:
 Can you submit one BZ for this new feature? I will add it into the stable tag feature planning. 

 For this patch set, Reviewed-by: Liming Gao <gaoliming at byosoft.com.cn>

Thanks
Liming
> -----邮件原件-----
> 发件人: devel at edk2.groups.io <devel at edk2.groups.io> 代表 Ard
> Biesheuvel
> 发送时间: 2023年4月4日 23:40
> 收件人: devel at edk2.groups.io
> 抄送: Ard Biesheuvel <ardb at kernel.org>; Michael Kinney
> <michael.d.kinney at intel.com>; Liming Gao <gaoliming at byosoft.com.cn>;
> Jiewen Yao <jiewen.yao at intel.com>; Michael Kubacki
> <michael.kubacki at microsoft.com>; Sean Brogan
> <sean.brogan at microsoft.com>; Rebecca Cran <quic_rcran at quicinc.com>;
> Leif Lindholm <quic_llindhol at quicinc.com>; Sami Mujawar
> <sami.mujawar at arm.com>; Taylor Beebe <t at taylorbeebe.com>; Marvin
> Häuser <mhaeuser at posteo.de>; Bob Feng <bob.c.feng at intel.com>; Oliver
> Smith-Denny <osde at linux.microsoft.com>
> 主题: [edk2-devel] [PATCH v3 0/4] Enable BTI support in memory attributes
> table
> 
> Implement version 2 of the memory attributes table, which now contains a
> 
> flag informing the OS whether or not code regions may be mapped with CFI
> 
> mitigations such as IBT or BTI enabled.
> 
> 
> 
> This series covers the remaining parts after the AArch64 specific
> 
> changes were merged:
> 
> 
> 
> - Update the BaseTools to emit the appropriate PE/COFF annotation when a
> 
>   BTI/IBT compatible ELF executable is converted to PE/COFF
> 
> - Take this PE/COFF annotation into account when populating the memory
> 
>   attributes table in the DXE core
> 
> 
> 
> TODO:
> 
> - X64 changes to make the code IBT compatible and emit the ELF note
> 
> - Figure out how to generate such executables with native PE toolchains
> 
> - Implement BTI/IBT enforcement at boot time - this is something I
> 
>   intend to look into next.
> 
> 
> 
> Can be tested with the CLANG38 toolchain (both Clang compiler and LLD
> 
> linker, version 3.8 or newer) with the following build options.
> 
> 
> 
> [BuildOptions]
> 
>   GCC:*_*_AARCH64_PP_FLAGS = -mbranch-protection=bti
> 
>   GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
> 
>   GCC:*_*_AARCH64_DLINK_FLAGS = -fuse-ld=lld
> -Wl,--no-relax,--no-pie,-z,bti-report=error
> 
> 
> 
> Changes since v2:
> 
> - increase DllCharacteristicsEx field to 4 bytes
> 
> - add Oliver's Rb
> 
> 
> 
> If no comments or objections have been raised by the end of the week, I
> 
> will go ahead and merge this - thanks.
> 
> 
> 
> Cc: Michael Kinney <michael.d.kinney at intel.com>
> 
> Cc: Liming Gao <gaoliming at byosoft.com.cn>
> 
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> 
> Cc: Michael Kubacki <michael.kubacki at microsoft.com>
> 
> Cc: Sean Brogan <sean.brogan at microsoft.com>
> 
> Cc: Rebecca Cran <quic_rcran at quicinc.com>
> 
> Cc: Leif Lindholm <quic_llindhol at quicinc.com>
> 
> Cc: Sami Mujawar <sami.mujawar at arm.com>
> 
> Cc: Taylor Beebe <t at taylorbeebe.com>
> 
> Cc: Marvin Häuser <mhaeuser at posteo.de>
> 
> Cc: Bob Feng <bob.c.feng at intel.com>
> 
> Cc: Oliver Smith-Denny <osde at linux.microsoft.com>
> 
> 
> 
> Ard Biesheuvel (4):
> 
>   BaseTools/GenFw: Parse IBT/BTI support status from ELF note
> 
>   BaseTools/GenFw: Add DllCharacteristicsEx field to debug data
> 
>   MdePkg/PeCoffLib: Capture DLL characteristics fields in image context
> 
>   MdeModulePkg: Enable forward edge CFI in mem attributes table
> 
> 
> 
>  BaseTools/Source/C/GenFw/Elf64Convert.c               | 104
> +++++++++++++++++---
> 
>  BaseTools/Source/C/GenFw/GenFw.c                      |   3 +-
> 
>  BaseTools/Source/C/GenFw/elf_common.h                 |   9 ++
> 
>  BaseTools/Source/C/Include/IndustryStandard/PeImage.h |  13 ++-
> 
>  MdeModulePkg/Core/Dxe/DxeMain.h                       |   2 +
> 
>  MdeModulePkg/Core/Dxe/Image/Image.c                   |  10 ++
> 
>  MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c    |   8 +-
> 
>  MdePkg/Include/IndustryStandard/PeImage.h             |  13 ++-
> 
>  MdePkg/Include/Library/PeCoffLib.h                    |   6 ++
> 
>  MdePkg/Library/BasePeCoffLib/BasePeCoff.c             |  46
> ++++++---
> 
>  10 files changed, 186 insertions(+), 28 deletions(-)
> 
> 
> 
> --
> 
> 2.39.2
> 
> 
> 
> 
> 
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#102491):
> https://edk2.groups.io/g/devel/message/102491
> Mute This Topic: https://groups.io/mt/98062730/4905953
> Group Owner: devel+owner at edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub
> [gaoliming at byosoft.com.cn]
> -=-=-=-=-=-=
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#102582): https://edk2.groups.io/g/devel/message/102582
Mute This Topic: https://groups.io/mt/98096794/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list