-rw-r--r--EfiGuardDxe/X64/Cet.asm25
-rw-r--r--EfiGuardDxe/X64/Cet.nasm25
-rw-r--r--EfiGuardDxe/util.c4
-rw-r--r--EfiGuardDxe/util.h4
4 files changed, 42 insertions, 16 deletions
diff --git a/EfiGuardDxe/X64/Cet.asm b/EfiGuardDxe/X64/Cet.asm
index 807fe6b..74433c2 100644
--- a/EfiGuardDxe/X64/Cet.asm
+++ b/EfiGuardDxe/X64/Cet.asm
@@ -1,24 +1,37 @@
+MSR_S_CET EQU 6A2h
+MSR_S_CET_SH_STK_EN EQU 1
+CR4_CET EQU (1 SHL 23)
+N_CR4_CET EQU 23
+
.code
-DisableCet PROC
+align 16
+AsmDisableCet PROC
+ mov ecx, MSR_S_CET
+ rdmsr
+ test al, MSR_S_CET_SH_STK_EN
+ jz @F ; if z, shadow stack not enabled
+
; Pop pushed data for 'call'
mov rax, 1
incsspq rax
+@@:
mov rax, cr4
- btr eax, 23 ; clear CR4_CET
+ btr eax, N_CR4_CET ; clear CR4_CET
mov cr4, rax
ret
-DisableCet ENDP
+AsmDisableCet ENDP
-EnableCet PROC
+align 16
+AsmEnableCet PROC
mov rax, cr4
- bts eax, 23 ; set CR4_CET
+ bts eax, N_CR4_CET ; set CR4_CET
mov cr4, rax
; Use jmp to skip check for 'ret'
pop rax
jmp rax
-EnableCet ENDP
+AsmEnableCet ENDP
end
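Review bot: AsmDisableCet now executes `rdmsr` on MSR_S_CET unconditionally, and reading that MSR raises #GP on a processor that does not implement CET, so the routine is only safe once the caller has established that CR4.CET is set. The call site in util.c is guarded by `*CetEnabled`, but how that flag is derived is not visible in this diff, so the precondition and the newly clobbered registers should be stated at the label, e.g. `; Precondition: CR4.CET is set (CPU implements CET). Clobbers rax, rcx, rdx.` The same comment belongs on the matching entry point in Cet.nasm. Separately, `CR4_CET` is defined in both files but only `N_CR4_CET` is used in the visible lines; keeping a single definition avoids the two constants drifting apart.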
diff --git a/EfiGuardDxe/X64/Cet.nasm b/EfiGuardDxe/X64/Cet.nasm
index c31bc07..b93ca16 100644
--- a/EfiGuardDxe/X64/Cet.nasm
+++ b/EfiGuardDxe/X64/Cet.nasm
@@ -1,21 +1,34 @@
+%define MSR_S_CET 0x6A2
+%define MSR_S_CET_SH_STK_EN 0x1
+%define CR4_CET (1 << 23)
+%define N_CR4_CET 23
+
DEFAULT REL
SECTION .text
-global ASM_PFX(DisableCet)
-ASM_PFX(DisableCet):
+align 16
+global ASM_PFX(AsmDisableCet)
+ASM_PFX(AsmDisableCet):
+ mov ecx, MSR_S_CET
+ rdmsr
+ test al, MSR_S_CET_SH_STK_EN
+ jz .SsDone ; if z, shadow stack not enabled
+
; Pop pushed data for 'call'
mov rax, 1
incsspq rax
+.SsDone:
mov rax, cr4
- btr eax, 23 ; clear CR4_CET
+ btr eax, N_CR4_CET ; clear CR4_CET
mov cr4, rax
ret
-global ASM_PFX(EnableCet)
-ASM_PFX(EnableCet):
+align 16
+global ASM_PFX(AsmEnableCet)
+ASM_PFX(AsmEnableCet):
mov rax, cr4
- bts eax, 23 ; set CR4_CET
+ bts eax, N_CR4_CET ; set CR4_CET
mov cr4, rax
; Use jmp to skip check for 'ret'
diff --git a/EfiGuardDxe/util.c b/EfiGuardDxe/util.c
index 6ff8524..e5c0166 100644
--- a/EfiGuardDxe/util.c
+++ b/EfiGuardDxe/util.c
@@ -132,7 +132,7 @@ DisableWriteProtect(
if (*WpEnabled)
{
if (*CetEnabled)
- DisableCet();
+ AsmDisableCet();
AsmWriteCr0(Cr0 & ~CR0_WP);
}
}
@@ -148,7 +148,7 @@ EnableWriteProtect(
{
AsmWriteCr0(AsmReadCr0() | CR0_WP);
if (CetEnabled)
- EnableCet();
+ AsmEnableCet();
}
}
diff --git a/EfiGuardDxe/util.h b/EfiGuardDxe/util.h
index e1a049f..371f402 100644
--- a/EfiGuardDxe/util.h
+++ b/EfiGuardDxe/util.h
@@ -70,7 +70,7 @@ PrintKernelPatchInfo(
//
VOID
EFIAPI
-DisableCet(
+AsmDisableCet(
VOID
);
@@ -79,7 +79,7 @@ DisableCet(
//
VOID
EFIAPI
-EnableCet(
+AsmEnableCet(
VOID
);