From: "CKI@GitLab" cki-project@redhat.com

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

CONFIG_ARM64_BTI:

Branch Target Identification (part of the ARMv8.5 Extensions) provides a mechanism to limit the set of locations to which computed branch instructions such as BR or BLR can jump.

To make use of BTI on CPUs that support it, say Y.

BTI is intended to provide complementary protection to other control flow integrity protection mechanisms, such as the Pointer authentication mechanism provided as part of the ARMv8.3 Extensions. For this reason, it does not make sense to enable this option without also enabling support for pointer authentication. Thus, when enabling this option you should also select ARM64_PTR_AUTH=y.

Userspace binaries must also be specifically compiled to make use of this mechanism. If you say N here or the hardware does not support BTI, such binaries can still run, but you get no additional enforcement of branch destinations.

Symbol: ARM64_BTI [=y] Type : bool Defined at arch/arm64/Kconfig:1594 Prompt: Branch Target Identification support Location: -> Kernel Features -> ARMv8.5 architectural features

---

Cc: Mark Salter msalter@redhat.com Signed-off-by: CKI@GitLab cki-project@redhat.com --- .../configs/common/generic/CONFIG_ARM64_BTI | 1 + .../pending-common/generic/CONFIG_ARM64_BTI | 31 ------------------- 2 files changed, 1 insertion(+), 31 deletions(-) create mode 100644 redhat/configs/common/generic/CONFIG_ARM64_BTI delete mode 100644 redhat/configs/pending-common/generic/CONFIG_ARM64_BTI

diff --git a/redhat/configs/common/generic/CONFIG_ARM64_BTI b/redhat/configs/common/generic/CONFIG_ARM64_BTI new file mode 100644 index 000000000000..fb0274de0d49 --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_ARM64_BTI @@ -0,0 +1 @@ +CONFIG_ARM64_BTI=y diff --git a/redhat/configs/pending-common/generic/CONFIG_ARM64_BTI b/redhat/configs/pending-common/generic/CONFIG_ARM64_BTI deleted file mode 100644 index 5af4d535b648..000000000000 --- a/redhat/configs/pending-common/generic/CONFIG_ARM64_BTI +++ /dev/null @@ -1,31 +0,0 @@ -# CONFIG_ARM64_BTI: -# -# Branch Target Identification (part of the ARMv8.5 Extensions) -# provides a mechanism to limit the set of locations to which computed -# branch instructions such as BR or BLR can jump. -# -# To make use of BTI on CPUs that support it, say Y. -# -# BTI is intended to provide complementary protection to other control -# flow integrity protection mechanisms, such as the Pointer -# authentication mechanism provided as part of the ARMv8.3 Extensions. -# For this reason, it does not make sense to enable this option without -# also enabling support for pointer authentication. Thus, when -# enabling this option you should also select ARM64_PTR_AUTH=y. -# -# Userspace binaries must also be specifically compiled to make use of -# this mechanism. If you say N here or the hardware does not support -# BTI, such binaries can still run, but you get no additional -# enforcement of branch destinations. -# -# Symbol: ARM64_BTI [=y] -# Type : bool -# Defined at arch/arm64/Kconfig:1594 -# Prompt: Branch Target Identification support -# Location: -# -> Kernel Features -# -> ARMv8.5 architectural features -# -# -# -CONFIG_ARM64_BTI=y