This document captures discussions at the Shadow Stacks and Landing Pads TG and attempts to document the baseline. It is not an official specification, and everything in it may change. Control-flow Integrity (CFI) provides CPU instruction set architecture (ISA) capabilities to defend against Return-Oriented Programming (ROP) and Call/Jump-Oriented Programming (COP/JOP) style control-flow subversion attacks.
To enforce backward edge control-flow integrity, the extension introduces a shadow stack. To enforce forward edge control-flow integrity, the extension introduces labeled landing pad instructions.
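As an added illustration (not code from the riscv-cfi specification or repository), a C model of the two checks just described: the shadow stack copy of each return address that a return is compared against, and the labeled landing pad that every indirect jump must land on. The structure names, the label representation and the way a fault is signalled are assumptions made for the model, not the ISA encoding.

```c
/* Added example: software model of backward-edge (shadow stack) and
 * forward-edge (landing pad) CFI. Names and fault signalling are assumed. */
#include <stdint.h>
#include <stddef.h>

#define SS_DEPTH 64

typedef struct {
    uintptr_t shadow[SS_DEPTH]; /* return addresses; only call/ret may write here */
    size_t sp;
} cfi_state;

/* Backward edge: a call records the return address on the shadow stack. */
static int cfi_call(cfi_state *st, uintptr_t ret_addr) {
    if (st->sp >= SS_DEPTH) return -1;          /* shadow stack full: fault */
    st->shadow[st->sp++] = ret_addr;
    return 0;
}

/* Backward edge: a return compares the address popped from the ordinary
 * (attacker-writable) stack with the shadow copy. Returns 1 if they match,
 * 0 on mismatch or on an empty shadow stack (a CFI fault in the model). */
static int cfi_ret(cfi_state *st, uintptr_t stack_ret_addr) {
    if (st->sp == 0) return 0;
    return st->shadow[--st->sp] == stack_ret_addr;
}

/* Forward edge: the first instruction at a valid indirect-call target is a
 * landing pad carrying a label; the jump supplies the label it expects. */
typedef struct { int is_landing_pad; uint32_t label; } insn;

static int cfi_indirect_jump(const insn *target, uint32_t expected_label) {
    return target->is_landing_pad && target->label == expected_label;
}

/* Scenario: a stack buffer overflow overwrites the saved return address
 * (constructed values). Returns 1 if the shadow stack blocked the return. */
static int shadow_stack_blocks_overwrite(void) {
    cfi_state st = {{0}, 0};
    uintptr_t saved_ret = 0x1000;               /* what the call pushed */
    uintptr_t stack_slot = saved_ret;
    cfi_call(&st, saved_ret);
    stack_slot = 0xbad0;                        /* overwritten on the real stack */
    return cfi_ret(&st, stack_slot) == 0;       /* mismatch -> fault -> blocked */
}
```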
This work is licensed under a Creative Commons Attribution 4.0 International License (CC-BY-4.0). See the LICENSE file for details.
Contributors to this specification are contained in the contributors file.
For instructions on how to contribute please see the CONTRIBUTING file.
To build the document, you’ll need the following tools installed on your system:
Make
asciidoctor-pdf, asciidoctor-bibtex, asciidoctor-diagram and asciidoctor-mathematical
Docker
This project uses submodules to include the RISC-V documentation toolchain.
git clone --recurse-submodules https://github.com/riscv/riscv-cfi.git
cd riscv-cfi
make VERSION=v1.0.0 REVMARK=Draft
VERSION
: Represents the version of the specification being built. By default, this is set to 'v0.0.0'. You can change this to a different value, like 'v1.0.0', 'v1.1.0', etc., based on the current version of your specification.
REVMARK
: This represents a revision marker for the project. Its default value is 'Draft'. You may want to change this to something like 'Release', 'Stable' or 'Ratified'.