Searched hist:"8358098 b9787caab8bbc93fd78d046afaed43c16" (Results 1 – 2 of 2) sorted by relevance
/openbmc/linux/arch/arm64/kernel/
efi-header.S | diff 8358098b9787caab8bbc93fd78d046afaed43c16 Tue Apr 18 08:49:48 CDT 2023 Ard Biesheuvel <ardb@kernel.org> arm64: efi: Enable BTI codegen and add PE/COFF annotation
UEFI heavily relies on so-called protocols, which are essentially tables populated with pointers to executable code, and these are invoked indirectly using BR or BLR instructions.
This makes the EFI execution context vulnerable to attacks on forward edge control flow, and so it would help if we could enable hardware enforcement (BTI) on CPUs that implement it.
So let's no longer disable BTI codegen for the EFI stub, and set the newly introduced PE/COFF header flag when the kernel is built with BTI landing pads.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Mark Brown <broonie@kernel.org>
/openbmc/linux/drivers/firmware/efi/libstub/
Makefile | diff 8358098b9787caab8bbc93fd78d046afaed43c16 Tue Apr 18 08:49:48 CDT 2023 Ard Biesheuvel <ardb@kernel.org> arm64: efi: Enable BTI codegen and add PE/COFF annotation