james-ben
commented
4 years ago Hello @uzleo . I realized that I had not subscribed to receive notifications about issues, so I did not see this until today; my apologies.
The CFCSS pass was written during my first summer of work on this project, mostly to teach me about LLVM passes. Our main research and effort goes into maintaining the dataflowProtection pass. I don't think CFCSS has been touched since last year when someone else spotted a bug in the code.
That being said, I'm willing to look at it and see if the change can be implemented easily. My guess is that it will not be hard to do. Could you explain a little more about why you think it should be changed? And did you ever get around to patching it yourself?
Thank you.
Hi, thanks for open-sourcing this work. Been really helpful. I am currently working with CFCSS pass to harden my embedded firmware and I find the updates to global registers @BasicBlockSignatureTracker, @RunTimeSignatureAdjuster shouldn't be at the end of BB (i.e. in X.split) rather they should be just after their usage in XOR calculation near the start as mentioned in the CFCSS paper. This is important as current CFCSS suffers from poor CFE coverage. By manually modifying the generated cfcss code I was able to get better coverage.
I could patch it up but maybe you guys knowing the codebase could do it much quicker obviously after agreeing that CFCSS pass needs fixing