Diffstat (limited to 'EfiGuardDxe/X64')
-rw-r--r-- | EfiGuardDxe/X64/Cet.asm | 37 | ||||
-rw-r--r-- | EfiGuardDxe/X64/Cet.nasm | 36 |
2 files changed, 73 insertions, 0 deletions
diff --git a/EfiGuardDxe/X64/Cet.asm b/EfiGuardDxe/X64/Cet.asm
new file mode 100644
index 0000000..74433c2
--- /dev/null
+++ b/EfiGuardDxe/X64/Cet.asm
@@ -0,0 +1,37 @@
+MSR_S_CET EQU 6A2h
+MSR_S_CET_SH_STK_EN EQU 1
+CR4_CET EQU (1 SHL 23)
+N_CR4_CET EQU 23
+
+.code
+
+align 16
+AsmDisableCet PROC
+ mov ecx, MSR_S_CET
+ rdmsr
+ test al, MSR_S_CET_SH_STK_EN
+ jz @F ; if z, shadow stack not enabled
+
+ ; Pop pushed data for 'call'
+ mov rax, 1
+ incsspq rax
+
+@@:
+ mov rax, cr4
+ btr eax, N_CR4_CET ; clear CR4_CET
+ mov cr4, rax
+ ret
+AsmDisableCet ENDP
+
+align 16
+AsmEnableCet PROC
+ mov rax, cr4
+ bts eax, N_CR4_CET ; set CR4_CET
+ mov cr4, rax
+
+ ; Use jmp to skip check for 'ret'
+ pop rax
+ jmp rax
+AsmEnableCet ENDP
+
+end
diff --git a/EfiGuardDxe/X64/Cet.nasm b/EfiGuardDxe/X64/Cet.nasm
new file mode 100644
index 0000000..b93ca16
--- /dev/null
+++ b/EfiGuardDxe/X64/Cet.nasm
@@ -0,0 +1,36 @@
+%define MSR_S_CET 0x6A2
+%define MSR_S_CET_SH_STK_EN 0x1
+%define CR4_CET (1 << 23)
+%define N_CR4_CET 23
+
+DEFAULT REL
+SECTION .text
+
+align 16
+global ASM_PFX(AsmDisableCet)
+ASM_PFX(AsmDisableCet):
+ mov ecx, MSR_S_CET
+ rdmsr
+ test al, MSR_S_CET_SH_STK_EN
+ jz .SsDone ; if z, shadow stack not enabled
+
+ ; Pop pushed data for 'call'
+ mov rax, 1
+ incsspq rax
+
+.SsDone:
+ mov rax, cr4
+ btr eax, N_CR4_CET ; clear CR4_CET
+ mov cr4, rax
+ ret
+
+align 16
+global ASM_PFX(AsmEnableCet)
+ASM_PFX(AsmEnableCet):
+ mov rax, cr4
+ bts eax, N_CR4_CET ; set CR4_CET
+ mov cr4, rax
+
+ ; Use jmp to skip check for 'ret'
+ pop rax
+ jmp rax |
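Review bot: AsmDisableCet executes `rdmsr` on IA32_S_CET and then `incsspq` based only on the SH_STK_EN bit, with no check that CR4.CET is actually set; on hardware without CET the MSR read would fault, and with CR4.CET already clear the shadow-stack pop runs outside the state it assumes, unless the C caller guarantees both (not visible in this hunk). A three-line guard ahead of the `rdmsr` covers both cases, since CR4.CET cannot be set on a CPU that lacks CET: `mov rax, cr4` / `bt eax, N_CR4_CET` / `jnc @F` (`jnc .SsDone` in Cet.nasm). Both routines also lack a header stating their contract — AsmDisableCet clobbers rax, rcx and rdx (AsmEnableCet rax), and they must be called as a matched pair at the same stack depth because AsmDisableCet pops exactly one shadow-stack entry and AsmEnableCet returns via `pop rax; jmp rax` to skip the `ret` check — so a block comment above each PROC giving the calling convention (UEFI uses the Microsoft x64 one), clobbers and that pairing requirement would help the next reader. The `jmp rax` return in AsmEnableCet is presumably only safe while indirect-branch tracking is not enabled in IA32_S_CET, and the code tests only SH_STK_EN, so that assumption belongs in the same header. The same points apply to the Cet.nasm hunk.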