Hi Feng,
To my understanding, clang CFI is a "soft approach" to control flow integrity, adding run-time checks (with a side effect of making the binary grow). It requires link-time optimization (LTO), which I'm unsure is supported by TF-A (?). Also, I wonder what the default handler/behavior for a CFI 'exception' would be (does it just panic?). On the other hand, Arm implements HW mitigations such as pointer authentication or BTI (resp. Armv8.3/Armv8.5), helping with certain classes of CFI problems. TF-A supports both, but obviously this requires recent HW implementing those features. I cannot tell what the pros/cons are of using one or the other. Perhaps it is reasonable to use clang CFI for HW not supporting PAuth/BTI? But this may become more of an overhead on recent chipsets when BTI/PAuth are enabled?
Are you suggesting you have patches/early work to share? Or are you polling the community for interest?
Regards, Olivier.
________________________________________
From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of chen feng via TF-A tf-a@lists.trustedfirmware.org
Sent: 25 October 2021 16:58
To: tf-a@lists.trustedfirmware.org
Subject: [TF-A] CFI in tf-a
I want to know if we have a chance to support the compiler-based CFI (e.g. clang CFI; the kernel supports it) function in tf-a. I want to know whether anyone is doing this, or if everyone is interested in this?
Cheers, Feng