Freax13 · Freax13 · Oct 19, 2024 · Oct 19, 2024 · Oct 19, 2024
diff --git a/tee/supervisor-snp/src/reset_vector.s b/tee/supervisor-snp/src/reset_vector.s
@@ -150,9 +150,7 @@ mov rax, cr0
 or rax, 1 << 1
 mov cr0, rax
 mov rax, cr4
-or rax, 1 << 9
-or rax, 1 << 10
-or rax, 1 << 18
+or rax, (1 << 9) | (1 << 10) | (1 << 18)
 mov cr4, rax
 # 7.2 Enable AVX
 xor rcx, rcx

diff --git a/tee/supervisor-tdx/Makefile b/tee/supervisor-tdx/Makefile
@@ -19,7 +19,7 @@ CARGO_BUILD_STD_FEATURES = $(CARGO_BUILD_STD_FEATURES_$(PROFILE))
 CARGO_EXTRA_FLAGS_release = --features harden
 CARGO_EXTRA_FLAGS = $(CARGO_EXTRA_FLAGS_$(PROFILE))
 
-export RUSTFLAGS = -Z cf-protection=return
+export RUSTFLAGS = -Z cf-protection=full
 
 supervisor:
 	cargo build \

diff --git a/tee/supervisor-tdx/src/reset_vector.s b/tee/supervisor-tdx/src/reset_vector.s
@@ -67,9 +67,7 @@ mov rax, cr0
 or rax, 1 << 1
 mov cr0, rax
 mov rax, cr4
-or rax, 1 << 9
-or rax, 1 << 10
-or rax, 1 << 18
+or rax, (1 << 9) | (1 << 10) | (1 << 18)
 mov cr4, rax
 # 5.2 Enable AVX
 xor rcx, rcx
@@ -98,10 +96,10 @@ add r8, SHADOW_STACK_SIZE - 8
 mov rax, cr4
 or rax, 1 << 23
 mov cr4, rax
-# 7.2 Enable Shadow Stacks in in SCET MSR
+# 7.2 Enable SH_STK_EN, ENBR_EN, and NO_TRACK_EN in in SCET MSR
 mov ecx, 0x6a2
 xor edx, edx
-mov eax, 1
+mov eax, (1 << 0) | (1 << 2) | (1 << 4)
 wrmsr
 # 7.3 Load SSP
 rstorssp [r8]