On Wed, Mar 11, 2020 at 07:26:08PM +0000, Mark Brown wrote: > From: Dave Martin <Dave.Martin@xxxxxxx> > > Now that the code for userspace BTI support is in the kernel add the > Kconfig entry so that it can be built and used. > > [Split out of "arm64: Basic Branch Target Identification support" -- > broonie] > > Signed-off-by: Dave Martin <Dave.Martin@xxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees > Signed-off-by: Mark Brown <broonie@xxxxxxxxxx> > --- > arch/arm64/Kconfig | 22 ++++++++++++++++++++++ > 1 file changed, 22 insertions(+) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 8a15bc68dadd..d65d226a77ec 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1522,6 +1522,28 @@ endmenu > > menu "ARMv8.5 architectural features" > > +config ARM64_BTI > + bool "Branch Target Identification support" > + default y > + help > + Branch Target Identification (part of the ARMv8.5 Extensions) > + provides a mechanism to limit the set of locations to which computed > + branch instructions such as BR or BLR can jump. > + > + To make use of BTI on CPUs that support it, say Y. > + > + BTI is intended to provide complementary protection to other control > + flow integrity protection mechanisms, such as the Pointer > + authentication mechanism provided as part of the ARMv8.3 Extensions. > + For this reason, it does not make sense to enable this option without > + also enabling support for pointer authentication. Thus, when > + enabling this option you should also select ARM64_PTR_AUTH=y. > + > + Userspace binaries must also be specifically compiled to make use of > + this mechanism. If you say N here or the hardware does not support > + BTI, such binaries can still run, but you get no additional > + enforcement of branch destinations. > + > config ARM64_E0PD > bool "Enable support for E0PD" > default y > -- > 2.20.1 > -- Kees Cook
