MdePkg/BaseLib: Add Shadow Stack Support for X86.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521

This patch adds SSP - shadow stack pointer to JumpBuffer.
It will be used for the platform that enabled CET/ShadowStack.

We add gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask
to control the global enable/disable.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index c859b4a511..69a9575a04 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -2087,6 +2087,13 @@
   # @Prompt Fixed Debug Message Print Level.

   gEfiMdePkgTokenSpaceGuid.PcdFixedDebugPrintErrorLevel|0xFFFFFFFF|UINT32|0x30001016

 

+  ## Indicates the control flow enforcement enabling state.

+  #  If enabled, it uses control flow enforcement technology to prevent ROP or JOP.<BR><BR>

+  #   BIT0 - SMM CET Shadow Stack is enabled.<BR>

+  #   Other - reserved

+  # @Prompt Enable control flow enforcement.

+  gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask|0x0|UINT32|0x30001017

+

 [PcdsFixedAtBuild,PcdsPatchableInModule]

   ## Indicates the maximum length of unicode string used in the following

   #  BaseLib functions: StrLen(), StrSize(), StrCmp(), StrnCmp(), StrCpy(), StrnCpy()<BR><BR>