rpms/efivar
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Enable Intel Control-flow Enforcement Technology (CET)

Browse Source 
Resolves: rhbz#1808811

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
Javier Martinez Canillas 2021-06-17 13:09:08 +02:00
parent eda0ac8b57
commit 3e50f21cee
No known key found for this signature in database
GPG Key ID: C751E590D63F3D69
3 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
0079-guids.S-Include-cet.h-when-CET-is-enabled.patch Normal file
View File

@ -0,0 +1,35 @@
From 478b37bcb7596ccae74565ad0a371f14b5542b54 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sun, 1 Mar 2020 04:10:58 -0800
Subject: [PATCH] guids.S: Include <cet.h> when CET is enabled
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains shadow stack (SHSTK) and indirect branch tracking (IBT). When
CET is enabled, ELF object files must be marked with .note.gnu.property
section. CET enabled GCC provides a header file, <cet.h>, which can be
included in assembly files to generate the CET marker automatically.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
src/guids.S | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/guids.S b/src/guids.S
index f8541a9c874a..56356d2ce915 100644
--- a/src/guids.S
+++ b/src/guids.S
@@ -28,5 +28,8 @@ efi_well_known_names_end:
.byte 0
#if defined(__linux__) && defined(__ELF__)
+#if defined(__CET__) && (defined(__i386__) || defined(__x86_64__))
+#include <cet.h>
+#endif
.section .note.GNU-stack,"",%progbits
#endif
--
2.31.1

1
efivar.patches
View File

@ -76,3 +76,4 @@ Patch0075: 0075-Makefile-minor-typo-fix.patch
Patch0076: 0076-util.h-minor-whitespace-cleanup.patch
Patch0077: 0077-util.h-make-strdupa-and-strndupa-pass-NULL-straight-.patch
Patch0078: 0078-Update-travis-to-use-a-newer-distro.patch
Patch0079: 0079-guids.S-Include-cet.h-when-CET-is-enabled.patch

6
efivar.spec
View File

@ -1,6 +1,6 @@
Name: efivar
Version: 37
Release: 15%{?dist}
Release: 16%{?dist}
Summary: Tools to manage UEFI variables
License: LGPL-2.1
URL: https://github.com/rhboot/efivar
@ -88,6 +88,10 @@ make abicheck
%{_libdir}/*.so.*
%changelog
* Thu Jun 17 2021 Javier Martinez Canillas <javierm@redhat.com> - 37-16
- Enable Intel Control-flow Enforcement Technology (CET)
Resolves: rhbz#1808811
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild