On Mon, Mar 27, 2023 at 13:01:06 +0200, Ard Biesheuvel wrote:
> The ELF based toolchains use objcopy to create HII object files, which
> contain only a single .hii section. This means no GNU note is inserted
> that describes the object as compatible with BTI, even though the lack
> of executable code in such an object makes the distinction irrelevant.
> However, the linker will not add the note globally to the resulting ELF
> executable, and this breaks BTI compatibility.
>
> So let's insert a GNU BTI-compatible ELF note by hand when generating
> such object files.
>
> Signed-off-by: Ard Biesheuvel <a...@kernel.org>
> ---
> ArmPkg/Library/GnuNoteBti.bin | Bin 0 -> 32 bytes
> BaseTools/Conf/tools_def.template | 4 ++--
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/ArmPkg/Library/GnuNoteBti.bin b/ArmPkg/Library/GnuNoteBti.bin
> new file mode 100644
> index
> 0000000000000000000000000000000000000000..339567b4e89943c610b44767ddad5f631229ed3b
> GIT binary patch
> literal 32
> dcmZQ!U|<jcVpbq__X`D*3<p?%1S5zA1OOf&0m%RW
>
> literal 0
> HcmV?d00001
>
> diff --git a/BaseTools/Conf/tools_def.template
> b/BaseTools/Conf/tools_def.template
> index 471eb67c0c839730..ed6050aa96157cb9 100755
> --- a/BaseTools/Conf/tools_def.template
> +++ b/BaseTools/Conf/tools_def.template
> @@ -2400,7 +2400,7 @@ RELEASE_GCC5_ARM_DLINK_FLAGS =
> DEF(GCC5_ARM_DLINK_FLAGS) -flto -Os -L$(WORKS
> *_GCC5_AARCH64_DTCPP_FLAGS = DEF(GCC_DTCPP_FLAGS)
> *_GCC5_AARCH64_PLATFORM_FLAGS =
> *_GCC5_AARCH64_PP_FLAGS = $(PLATFORM_FLAGS) DEF(GCC_PP_FLAGS)
> -*_GCC5_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS)
> +*_GCC5_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS) --add-section
> .note.gnu.property=$(WORKSPACE)/ArmPkg/Library/GnuNoteBti.bin
> --set-section-flags .note.gnu.property=alloc,readonly
> *_GCC5_AARCH64_VFRPP_FLAGS = $(PLATFORM_FLAGS) DEF(GCC_VFRPP_FLAGS)
> *_GCC5_AARCH64_CC_XIPFLAGS = DEF(GCC5_AARCH64_CC_XIPFLAGS)
>
> @@ -2735,7 +2735,7 @@ DEFINE CLANG38_AARCH64_DLINK_FLAGS =
> DEF(CLANG38_AARCH64_TARGET) DEF(GCC_AARCH6
> *_CLANG38_AARCH64_DLINK2_FLAGS = DEF(GCC_DLINK2_FLAGS_COMMON)
> -Wl,--defsym=PECOFF_HEADER_SIZE=0x228
> *_CLANG38_AARCH64_PLATFORM_FLAGS =
> *_CLANG38_AARCH64_PP_FLAGS = DEF(GCC_PP_FLAGS)
> DEF(CLANG38_AARCH64_TARGET) $(PLATFORM_FLAGS)
> -*_CLANG38_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS)
> +*_CLANG38_AARCH64_RC_FLAGS = DEF(GCC_AARCH64_RC_FLAGS) --add-section
> .note.gnu.property=$(WORKSPACE)/ArmPkg/Library/GnuNoteBti.bin
> --set-section-flags .note.gnu.property=alloc,readonly
Bikeshedding, but could we have an AARCH64_BTI_RC_FLAGS or something
set, which is expanded for each toolchain profile? I think this is
esoteric enough that it's helpful to group just the
bti-note-incantations together in a single place.
/
Leif
> *_CLANG38_AARCH64_VFRPP_FLAGS = DEF(GCC_VFRPP_FLAGS)
> DEF(CLANG38_AARCH64_TARGET) $(PLATFORM_FLAGS)
> *_CLANG38_AARCH64_ASLPP_FLAGS = DEF(GCC_ASLPP_FLAGS)
> DEF(CLANG38_AARCH64_TARGET)
> *_CLANG38_AARCH64_CC_XIPFLAGS = DEF(GCC_AARCH64_CC_XIPFLAGS)
> --
> 2.39.2
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101953): https://edk2.groups.io/g/devel/message/101953
Mute This Topic: https://groups.io/mt/97879294/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe:
https://edk2.groups.io/g/devel/leave/9847357/21656/1706620634/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
