CET in SMM - jljusten/tianocore GitHub Wiki
Return-oriented Programming (ROP), and similarly call/jmp-oriented programming (COP/JOP), have been the prevalent attack methodology for stealth exploit writers targeting vulnerabilities in programs.
Control-flow Enforcement Technology (CET) provides the following capabilities to defend against ROP/JOP style control-flow subversion attacks:
- Shadow Stack – return address protection to defend against Return Oriented Programming.
- Indirect branch tracking – free branch protection to defend against Jump/Call Oriented Programming.
For detail of CET, please refer to Control-flow Enforcement Technology whitepaper (https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf)
EDKII has enabled different technology for security, such as memory level protection (https://legacy.gitbook.com/book/edk2-docs/a-tour-beyond-bios-memory-protection-in-uefi-bios/details), or buffer overflow mitigation (https://legacy.gitbook.com/book/edk2-docs/a-tour-beyond-bios-mitigate-buffer-overflow-in-ue/details).
Now EDKII can use CET to enforce the control-flow as well. The current status is that EDKII enabled ShadowStatck in SMM.
This wiki page focuses on how to enable CET in SMM.
The PCD - PcdControlFlowEnforcementPropertyMask defined in MdePkg.dec(https://github.com/tianocore/edk2/blob/master/MdePkg/MdePkg.dec) to indicates the control flow enforcement enabling state.
## Indicates the control flow enforcement enabling state.
# If enabled, it uses control flow enforcement technology to prevent ROP or JOP.<BR><BR>
# BIT0 - SMM CET Shadow Stack is enabled.<BR>
# Other - reserved
# @Prompt Enable control flow enforcement.
gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask|0x0|UINT32|0x30001017
- A real platform may configure gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask in platform dsc to enable CET in SMM. A emulation platform might not be able to enable this PCD, because enabling CET required supervisor priviledge.
[PcdsFixedAtBuild.common]
gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask|0x1
NOTE: If a platform wants to enable CET, it MUST enable memory protection such as ReadOnly Code Region to ReadOnly, NonExecutable Data Region.
- If a control flow violation is detected, the system will generate an exception.
!!!! X64 Exception Type - 15(#CP - Control Protection) CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000001
RIP - 000000007FDD6326, CS - 0000000000000038, RFLAGS - 0000000000010006
RAX - 000000007FE3EB00, RCX - 0000000000000000, RDX - 000000007FD07140
RBX - 000000007EC7D018, RSP - 000000007FE3EB28, RBP - 000000007FE3EC79
RSI - 000000007FFE2A01, RDI - 000000007AF3C518
R8 - 0000000000000000, R9 - 000000007FDD7179, R10 - 0000000000000002
R11 - 000000007FE3E9A0, R12 - 000000007B2614B8, R13 - 0000000000000003
R14 - 000000007FFFB3B8, R15 - 0000000076726473
DS - 0000000000000020, ES - 0000000000000020, FS - 0000000000000020
GS - 0000000000000020, SS - 0000000000000020
CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000007FE14000
CR4 - 0000000000800668, CR8 - 0000000000000000
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 000000007FE12000 000000000000004F, LDTR - 0000000000000000
IDTR - 000000007FE1C000 00000000000001FF, TR - 0000000000000040
FXSAVE_STATE - 000000007FE3E780
!!!! Find image based on IP(0x%x) c:\edk\Build\PlatformPkg\DEBUG_VS2015x86\X64\TestPkg\StackCookieTest\StackCookieTestSmm\DEBUG\StackCookieTestSmm.pdb (ImageBase=000000007FDCF000, EntryPoint=000000007FDD0310) !!!!