= GIT REPO DEPRECATED
= RISC-V CFI specification
[WARNING] GIT REPO DEPRECATED: This specification is integrated into the Priv. and Unpriv. specifications. This repo is no longer maintained. Please refer to the Priv. and Unpriv. specifications at https://github.com/riscv/riscv-isa-manual
This document is capturing discussions at the Shadow Stacks and Landing Pads TG and attempts to document the baseline. This is not official specification and everything in this document may change. Control-flow Integrity (CFI) provides CPU instruction set architecture (ISA) capabilities to defend against Return-Oriented Programming (ROP) and Call/Jump-Oriented Programming (COP/JOP) style control-flow subversion attacks.
To enforce backward edge control-flow integrity, the extension introduces a shadow stack. To enforce forward edge control-flow integrity, the extension introduces labeled landing pad instructions.
== License
This work is licensed under a Creative Commons Attribution 4.0 International License (CC-BY-4.0). For details, see the link:LICENSE[LICENSE] file.
== Maintainers
The list of maintainers of this specification is maintained in the link:MAINTAINERS.md[MAINTAINERS] file.
== Contributors
The list of contributors to this specification is maintained in the link:src/contributors.adoc[contributors] file.
For guidelines on how to contribute, refer to the link:CONTRIBUTING.md[CONTRIBUTING] file.
== Governance
The governance for this project is defined in the link:GOVERNANCE.md[GOVERNANCE] file.
Community information, including meeting (if held) and mailing lists are detailed in this file.
== Building the Document
=== Directory Structure
The following directories are used to organize the contents of this repo:
dependencies/: software dependencies needed to build the specificationdocs-resources/: resources for all specifications sourced from link:.gitmodules[git submodule]src/: source files for the specificationbuild/: default directory where the build artifacts are generated=== Prerequisites
To build the document, you'll need the following tools installed on your system:
=== Cloning the Repository
git clone --recurse-submodules https://github.com/riscv/riscv-cfi.git=== Building the Documentation
To start the build process, run:
cd ./riscv-cfi && make buildThe link:Makefile[] script will check the availability of Docker on your system:
The documentation is generated from the AsciiDoctor source files in your project. The primary source file is specified by the HEADER_SOURCE variable in the Makefile.
The build process utilizes several options, including theming and font settings, and generates a PDF document as output.
=== Cleaning up
To clean up the generated files, run:
make clean== Enabling pre-commit checks locally
The repository has some basic commit checks set up with https://pre-commit.com/[pre-commit] that will be enforced by the GitHub CI. To ensure these checks are also run in the local repository while making changes the following can be done:
Rather than doing the above pre-commit install in every repo that uses it, you can do it https://pre-commit.com/#automatically-enabling-pre-commit-on-repositories[once on your system.]
When enabling additional checks https://pre-commit.com/#plugins[by editing .pre-commit-config.yaml], it is recommended running the newly added check on all files in the repository. This can be done with the following command: