diff options
| author | Ard Biesheuvel <ardb@google.com> | 2023-02-01 14:26:22 +0100 |
|---|---|---|
| committer | Ard Biesheuvel <ardb@google.com> | 2023-02-01 14:26:22 +0100 |
| commit | 0ad8ca65a300fafed78242bc7d8dd51b4cceda10 (patch) | |
| tree | be460dc08347651cbc53e640573b2b6010af58c9 | |
| parent | 7ddf353707103aeb725380292b16a8255875f19b (diff) | |
| download | efilite-0ad8ca65a300fafed78242bc7d8dd51b4cceda10.tar.gz | |
Enable BTI and expose it in the EFI memory attributes table
| -rw-r--r-- | .cargo/config | 2 | ||||
| -rw-r--r-- | Cargo.toml | 2 | ||||
| -rw-r--r-- | src/efi/mod.rs | 55 |
3 files changed, 55 insertions, 4 deletions
diff --git a/.cargo/config b/.cargo/config index 7747509..61914ed 100644 --- a/.cargo/config +++ b/.cargo/config @@ -1,6 +1,6 @@ [target.aarch64-unknown-linux-gnu] rustflags = ["-C", "relocation-model=static", "-C", "link-arg=-Wl,-Tsrc/efilite.lds,--orphan-handling=error", "-C", "link-arg=-nostartfiles", - "-C", "target-feature=+crc,+rand"] + "-C", "target-feature=+crc,+rand","-Z", "branch-protection=bti"] [build] target = "aarch64-unknown-linux-gnu" @@ -20,4 +20,4 @@ panic = "abort" [profile.release] panic = "abort" -lto = true +#lto = true # breaks BTI diff --git a/src/efi/mod.rs b/src/efi/mod.rs index 158ab91..00aea0a 100644 --- a/src/efi/mod.rs +++ b/src/efi/mod.rs @@ -3,10 +3,11 @@ // Author: Ard Biesheuvel <ardb@google.com> use crate::efi::{systemtable::*, loadedimage::*, memorytype::*}; -use crate::efi::MemoryType::{EfiBootServicesCode, EfiBootServicesData}; +use crate::efi::MemoryType::*; use crate::efi::loadedimage::EFI_LOADED_IMAGE_PROTOCOL_GUID; use crate::efi::configtable::ConfigurationTable; -use crate::DTB; +use crate::efi::memmap::*; +use crate::{DTB, RTSCODE, RTSDATA}; use crate::pecoff::Parser; @@ -81,6 +82,10 @@ pub const EFI_RT_PROPERTIES_TABLE_GUID: Guid = guid!( 0xeb66918a, 0x7eef, 0x402a, [0x84, 0x2e, 0x93, 0x1d, 0x21, 0xc3, 0x8a, 0xe9] ); +pub const EFI_MEMORY_ATTRIBUTES_TABLE_GUID: Guid = guid!( + 0xdcfa911d, 0x26eb, 0x469f, [0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20] +); + const EFI_RT_SUPPORTED_GET_TIME: u32 = 0x0001; const EFI_RT_SUPPORTED_GET_VARIABLE: u32 = 0x0010; const EFI_RT_SUPPORTED_GET_NEXT_VARIABLE_NAME: u32 = 0x0020; @@ -103,6 +108,50 @@ static RT_PROPERTIES_TABLE: RtPropertiesTable = RtPropertiesTable { EFI_RT_SUPPORTED_RESET_SYSTEM, }; +const EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD: u32 = 0x1; + +#[repr(C)] +struct MemoryAttributesTable { + version: u32, + number_of_entries: u32, + descriptor_size: u32, + flags: u32, + entry: [MemoryDescriptor; 2] +} + +impl MemoryAttributesTable { + pub fn new() -> &'static MemoryAttributesTable { + let m = alloc::boxed::Box::new(MemoryAttributesTable { + version: 2, + number_of_entries: 2, + descriptor_size: core::mem::size_of::<MemoryDescriptor>() as u32, + flags: + EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD, + entry: [ + MemoryDescriptor { + r#type: EfiRuntimeServicesCode, + physical_start: unsafe { RTSCODE.as_ptr() } as u64, + virtual_start: 0x0, + number_of_pages: unsafe { + core::mem::size_of_val(&RTSCODE) as u64 >> EFI_PAGE_SHIFT + }, + attribute: EFI_MEMORY_RO, + }, + MemoryDescriptor { + r#type: EfiRuntimeServicesData, + physical_start: unsafe { RTSDATA.as_ptr() } as u64, + virtual_start: 0x0, + number_of_pages: unsafe { + core::mem::size_of_val(&RTSDATA) as u64 >> EFI_PAGE_SHIFT + }, + attribute: EFI_MEMORY_XP, + } + ], + }); + alloc::boxed::Box::leak(m) + } +} + pub(crate) use guid; type ProtocolDb = BTreeMap::<(Handle, Guid), *const ()>; @@ -123,6 +172,8 @@ pub fn init() { &RT_PROPERTIES_TABLE as *const _ as *const ()); install_configtable(&DTB_GUID, unsafe { DTB.as_ptr() } as *const ()); + install_configtable(&EFI_MEMORY_ATTRIBUTES_TABLE_GUID, + MemoryAttributesTable::new() as *const _ as *const ()); } pub fn install_protocol<T>( |