Add a build option RUNTIME_BTI_ENABLE, and wire it up to the command line options passed to the compiler to get it to emit BTI landing pads into all modules. Note that runtime DXE modules may incorporate libraries of type BASE, UEFI_DRIVER or DXE_DRIVER, so the only safe option here is to apply the command line option to all types.
Signed-off-by: Ard Biesheuvel <a...@kernel.org> --- ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 74d98e6314c4..9cb37f3d46a3 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -10,6 +10,7 @@ [Defines] DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F + DEFINE RUNTIME_BTI_ENABLE = FALSE !if $(TARGET) != NOOPT DEFINE FD_SIZE_IN_MB = 2 @@ -33,6 +34,11 @@ [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000 GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000 +[BuildOptions] +!if $(RUNTIME_BTI_ENABLE) == TRUE + GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti +!endif + [LibraryClasses.common] !if $(TARGET) == RELEASE DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf -- 2.39.1
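Review bot: Only C compilation is covered by the flag added in the second hunk: `GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti` makes the compiler emit landing pads in the code it generates, while hand-written assembly linked into the same modules needs its own `bti c` at any entry point reached by an indirect branch, or that branch faults once the code pages are mapped as guarded. Whether the affected libraries contain such assembly is not visible in this patch, so it should be checked before the option is switched on. Nothing in these hunks marks memory as guarded either, so on its own the option yields landing pads rather than enforcement. A comment on the new define in the first hunk would record both points, for example `# Emit BTI landing pads in all AARCH64 modules (not only runtime drivers); enforced only where code pages are mapped as guarded`.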