From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=ACWD=AF=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BEDD6C433E0
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 24 Jun 2020 15:33:14 +0000 (UTC)
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 8892B206FA
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 24 Jun 2020 15:33:14 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="lIv3gIwL";
	dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="1/gbox5R"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8892B206FA
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From:In-Reply-To:
	References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=+u4lIiwddGAiwbJMRYEESaijsf3c6ciL4LwtOWqyg7Y=; b=lIv3gIwLwxqLnxN2ABh6WPFt7
	bPYXgYJH7g/jKIdqFuzR61+6a41HE6u9LI18LhkY/gpLzEFa4bJf69SrkyHXOpQumhGM9vtmBypyK
	Yj90+Qt81JARGgmbRs8x/PmTH05lgPYq6juHaKkO5Mx14GdfhkAX+zHGG9x+Guwpi7j130wrdE2dJ
	3jkUl/aRNsEl2S8FTqMGgloJ33RdSERmpmDanMSyKC+KaCv/O43rIj8Q7UI4ZjLPDtNChqG34QN17
	ZzJHY9YQXrpUE80EjFpR5zxcq5gYsWEytwLdhrgS+7wct5U+azn/rNvilPsptUqvPjvRA9T06Y0RU
	tuE71HHnA==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1jo7Mz-0000wG-4X; Wed, 24 Jun 2020 15:31:25 +0000
Received: from mail.kernel.org ([198.145.29.99])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1jo7Mt-0000uv-Gg
 for linux-arm-kernel@lists.infradead.org; Wed, 24 Jun 2020 15:31:20 +0000
Received: from mail-oi1-f171.google.com (mail-oi1-f171.google.com
 [209.85.167.171])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.kernel.org (Postfix) with ESMTPSA id A86B220CC7
 for <linux-arm-kernel@lists.infradead.org>;
 Wed, 24 Jun 2020 15:31:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=default; t=1593012678;
 bh=/XOHUfqgbkJQ/VFuvcNxNCzM8LEt5wElAfbZZ/I0QOw=;
 h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
 b=1/gbox5RlRrTg4kiGntX+1BFq5EOO4rauIXcE4/g/S2HjduHZ27HO7Fjy+HijbTVB
 sVuOiSgFcgbSQ3pmCbbNxTv8ndSCUbtspQ8cQSVbB0+WOhS45jjaDROjbJheaBvJPx
 Jp7yfm6yZTnYcCEC/Dzy+L1wptwcf9GX1xIrcY+o=
Received: by mail-oi1-f171.google.com with SMTP id l63so2136881oih.13
 for <linux-arm-kernel@lists.infradead.org>;
 Wed, 24 Jun 2020 08:31:18 -0700 (PDT)
X-Gm-Message-State: AOAM531alNOlf+GMDfbotGv5g3LRkvS2fYie2xqzduiZ2Xmi42llTGaO
 p6+mO8QGwlSNxbc0SIHHM48q/+Eonezsi0O4XtU=
X-Google-Smtp-Source: ABdhPJyrGY95Bb0CTBeTb4CjO3FI7dpKNkRH6VdRIt+LCKBsYjwk4gHaFIm8ccr4EwcCcNYIphYlt47P29XWTXpZnCA=
X-Received: by 2002:aca:b241:: with SMTP id b62mr19630758oif.47.1593012677928; 
 Wed, 24 Jun 2020 08:31:17 -0700 (PDT)
MIME-Version: 1.0
References: <20200624014940.1204448-1-keescook@chromium.org>
 <20200624014940.1204448-4-keescook@chromium.org>
 <20200624033142.cinvg6rbg252j46d@google.com>
 <202006232143.66828CD3@keescook> <20200624104356.GA6134@willie-the-truck>
 <CAMj1kXHBT4ei0xhyL4jD7=CNRsn1rh7w6jeYDLjVOv4na0Z38Q@mail.gmail.com>
 <202006240820.A3468F4@keescook>
In-Reply-To: <202006240820.A3468F4@keescook>
From: Ard Biesheuvel <ardb@kernel.org>
Date: Wed, 24 Jun 2020 17:31:06 +0200
X-Gmail-Original-Message-ID: <CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com>
Message-ID: <CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@mail.gmail.com>
Subject: Re: [PATCH v3 3/9] efi/libstub: Remove .note.gnu.property
To: Kees Cook <keescook@chromium.org>
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Mark Rutland <mark.rutland@arm.com>,
 linux-arch <linux-arch@vger.kernel.org>, linux-efi <linux-efi@vger.kernel.org>,
 Arnd Bergmann <arnd@arndb.de>, Fangrui Song <maskray@google.com>,
 Peter Collingbourne <pcc@google.com>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Masahiro Yamada <masahiroy@kernel.org>, X86 ML <x86@kernel.org>,
 Nick Desaulniers <ndesaulniers@google.com>,
 Russell King <linux@armlinux.org.uk>,
 Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
 clang-built-linux <clang-built-linux@googlegroups.com>,
 Arvind Sankar <nivedita@alum.mit.edu>, Ingo Molnar <mingo@redhat.com>,
 James Morse <james.morse@arm.com>, Thomas Gleixner <tglx@linutronix.de>,
 Borislav Petkov <bp@suse.de>, Will Deacon <will@kernel.org>,
 Nathan Chancellor <natechancellor@gmail.com>,
 Linux ARM <linux-arm-kernel@lists.infradead.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On Wed, 24 Jun 2020 at 17:21, Kees Cook <keescook@chromium.org> wrote:
>
> On Wed, Jun 24, 2020 at 12:46:32PM +0200, Ard Biesheuvel wrote:
> > I'm not sure if there is a point to having PAC and/or BTI in the EFI
> > stub, given that it runs under the control of the firmware, with its
> > memory mappings and PAC configuration etc.
>
> Is BTI being ignored when the firmware runs?
>

Given that it requires the 'guarded' attribute to be set in the page
tables, and the fact that the UEFI spec does not require it for
executables that it invokes, nor describes any means of annotating
such executables as having been built with BTI annotations, I think we
can safely assume that the EFI stub will execute with BTI disabled in
the foreseeable future.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel