Add a build option RUNTIME_BTI_ENABLE, and wire it up to the newly added PCD that controls the value of the BTI flag in the memory attributes table, as well as the command line options passed to the compiler to get it to emit BTI landing pads in BASE and DXE_RUNTIME_DRIVER modules.
Signed-off-by: Ard Biesheuvel <a...@kernel.org>
---
 ArmVirtPkg/ArmVirtQemu.dsc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 0f1c6395488a..0a67fe250d86 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -32,6 +32,7 @@ [Defines]
 DEFINE TPM2_ENABLE = FALSE
 DEFINE TPM2_CONFIG_ENABLE = FALSE
 DEFINE CAVIUM_ERRATUM_27456 = FALSE
+ DEFINE RUNTIME_BTI_ENABLE = TRUE
 
 #
 # Network definition
@@ -124,6 +125,11 @@ [BuildOptions]
 GCC:*_*_AARCH64_CC_XIPFLAGS ==
 !endif
 
+!if $(RUNTIME_BTI_ENABLE) == TRUE
+[BuildOptions.common.BASE,BuildOptions.common.DXE_RUNTIME_DRIVER]
+ GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
+!endif
+
 !include NetworkPkg/NetworkBuildOptions.dsc.inc
 
 ################################################################################
@@ -148,6 +154,8 @@ [PcdsFeatureFlag.common]
 [PcdsFixedAtBuild.common]
 !if $(ARCH) == AARCH64
 gArmTokenSpaceGuid.PcdVFPEnabled|1
+
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryAttributesTableForwardCfi|$(RUNTIME_BTI_ENABLE)
 !endif
 
 gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x4007c000
-- 
2.39.1
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99497): https://edk2.groups.io/g/devel/message/99497 Mute This Topic: https://groups.io/mt/96705498/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
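Review bot: The `-mbranch-protection=bti` flag in the new `[BuildOptions.common.BASE,BuildOptions.common.DXE_RUNTIME_DRIVER]` section reaches only C code built as one of those two module types, while the PCD set in the `[PcdsFixedAtBuild.common]` hunk advertises forward-edge CFI for the runtime code regions as a whole. Anything linked into a runtime driver that is not compiled under this section (a library instance of another module type, hand-written assembly without `bti c` landing pads, a prebuilt object) would presumably fault on an indirect branch once the OS maps the region as guarded. A comment above the section such as `# Every object linked into a DXE_RUNTIME_DRIVER must carry BTI landing pads when this is TRUE` would record the invariant. If the linker in use supports it, a link-time check such as GNU ld's `-z force-bti` warning could flag inputs that lack the BTI property.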
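Review bot: The PCD line in the `[PcdsFixedAtBuild.common]` hunk takes the raw macro text, whereas the compiler flag is gated on `$(RUNTIME_BTI_ENABLE) == TRUE`, so the two are only guaranteed to agree for the literal values TRUE and FALSE. A different spelling passed with `-D` on the build command line may, depending on how the DSC parser evaluates it, set the PCD while skipping the flag. That would advertise BTI in the memory attributes table for code that has no landing pads. Gating the PCD on the same test keeps them in lockstep: `!if $(RUNTIME_BTI_ENABLE) == TRUE`, then `gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryAttributesTableForwardCfi|TRUE`, then `!endif`. The enclosing section continues outside the hunk.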