Date: Wed, 24 Jun 2020 17:29:19 +0100
From: Dave Martin
To: Ard Biesheuvel
Subject: Re: [PATCH v3 3/9] efi/libstub: Remove .note.gnu.property
Message-ID: <20200624162919.GH25945@arm.com>

On Wed, Jun 24, 2020 at 05:48:41PM +0200, Ard Biesheuvel wrote:
> On Wed, 24 Jun 2020 at 17:45, Kees Cook wrote:
> >
> > On Wed, Jun 24, 2020 at 05:31:06PM +0200, Ard Biesheuvel wrote:
> > > On Wed, 24 Jun 2020 at 17:21, Kees Cook wrote:
> > > >
> > > > On Wed, Jun 24, 2020 at 12:46:32PM +0200, Ard Biesheuvel wrote:
> > > > > I'm not sure if there is a point to having PAC and/or BTI in the EFI
> > > > > stub, given that it runs under the control of the firmware, with its
> > > > > memory mappings and PAC configuration etc.
> > > >
> > > > Is BTI being ignored when the firmware runs?
> > >
> > > Given that it requires the 'guarded' attribute to be set in the page
> > > tables, and the fact that the UEFI spec does not require it for
> > > executables that it invokes, nor describes any means of annotating
> > > such executables as having been built with BTI annotations, I think we
> > > can safely assume that the EFI stub will execute with BTI disabled in
> > > the foreseeable future.
> >
> > yaaaaaay. *sigh* How long until EFI catches up?
> >
> > That said, BTI shouldn't _hurt_, right? If EFI ever decides to enable
> > it, we'll be ready?
> >
>
> Sure. Although I anticipate that we'll need to set some flag in the
> PE/COFF header to enable it, and so any BTI opcodes we emit without
> that will never take effect in practice.

In the meantime, is it possible to build all the in-tree parts of EFI for
BTI, and just turn it off for out-of-tree EFI binaries?

If there's no easy way to do this though, I guess we should wait for /
push for a PE/COFF flag to describe this properly.

Cheers
---Dave
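
For contrast with the missing PE/COFF flag discussed above: ELF objects carry the BTI annotation in the `.note.gnu.property` section named in the patch subject. The parser below is an added example, not code from this thread or from the kernel; it assumes a single little-endian ELF64 note, takes its constants from the GNU property note ABI for AArch64, and runs on constructed sample bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0             5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)

/* Constructed sample: one little-endian ELF64 note with BTI|PAC set. */
static const uint8_t sample_note[] = {
    4, 0, 0, 0,  16, 0, 0, 0,  5, 0, 0, 0,  'G', 'N', 'U', 0,
    0, 0, 0, 0xc0,  4, 0, 0, 0,  3, 0, 0, 0,  0, 0, 0, 0,
};

static uint32_t rd32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 1 if the note marks the object BTI-compatible, 0 if it does
 * not, -1 if the note is malformed or truncated. */
int note_has_bti(const uint8_t *note, size_t len)
{
    if (len < 16 || rd32(note) != 4 || memcmp(note + 12, "GNU", 4) != 0 ||
        rd32(note + 8) != NT_GNU_PROPERTY_TYPE_0 || rd32(note + 4) > len - 16)
        return -1;

    const uint8_t *p = note + 16, *end = p + rd32(note + 4);
    while (end - p >= 8) {
        uint32_t pr_type = rd32(p), pr_datasz = rd32(p + 4);
        p += 8;
        if (pr_datasz > (size_t)(end - p))
            return -1;
        if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND && pr_datasz == 4)
            return (rd32(p) & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) != 0;
        /* ELF64 pads each property to 8 bytes; stop if padding is cut off. */
        size_t step = ((size_t)pr_datasz + 7) & ~(size_t)7;
        if (step > (size_t)(end - p))
            break;
        p += step;
    }
    return 0; /* well-formed note, no AArch64 feature property */
}

int main(void)
{
    printf("BTI marked: %d\n", note_has_bti(sample_note, sizeof sample_note));
    return 0;
}
```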