
> Rosetta uses an MSR to switch the memory model

Even if you give up on Rosetta, there’s all the other MSRs you’ll need to patch–there’s not a huge number of these, but since EL0 has direct access to at least one of these you can’t just patch the kernel.

> PAC, not a big risk factor, trap once and then patch to the non-PAC variant at worst for instructions that aren't in the NOP space.

You know, I don’t think Apple really uses the backwards-compatible encodings at all. Probably since they don’t need to?



Hello,

> Even if you give up on Rosetta, there’s all the other MSRs you’ll need to patch–there’s not a huge number of these, but since EL0 has direct access to at least one of these you can’t just patch the kernel.

APRR can only remove permissions, not add them. As such, it can be stubbed out. The other MSRs are tunables for CPU errata workarounds, which can just be stubbed too.

> You know, I don’t think Apple really uses the backwards-compatible encodings at all. Probably since they don’t need to?

You just need to trap once for each time you see them and then patch it there.
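The distinction both comments lean on (PAC instructions that sit in the HINT space versus the ones that do not) is easy to make concrete. The decoder below is an added example written for this thread, not code from either commenter or from any Apple or Asahi project. It classifies a 32-bit AArch64 instruction word as a HINT-space PAC/AUT instruction (which a core without PAC executes as a NOP, so no trap and no patch is needed), a non-HINT PAC instruction (which would be undefined on such a core and is rewritten to its non-PAC equivalent: PAC*/AUT*/XPAC* to NOP, RETAA/RETAB to RET, BRAA/BLRAA and friends to BR/BLR), or something else. Encodings follow the Arm ARM; the `patch_text` walker and the sample code words are constructed for illustration and are not a real trap handler.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

NOP = 0xD503201F      # HINT #0
RET_LR = 0xD65F03C0   # RET X30
ERET = 0xD69F03E0     # ERET

# PAC/AUT instructions that live in the HINT space, keyed by imm7 (bits 11:5).
# Cores without FEAT_PAuth execute unallocated HINTs as NOP, so these never trap.
HINT_PAC = {
    7: "XPACLRI", 8: "PACIA1716", 10: "PACIB1716", 12: "AUTIA1716", 14: "AUTIB1716",
    24: "PACIAZ", 25: "PACIASP", 26: "PACIBZ", 27: "PACIBSP",
    28: "AUTIAZ", 29: "AUTIASP", 30: "AUTIBZ", 31: "AUTIBSP",
}
# Data-processing (1 source) forms: opcode bits 12:10 select kind and key.
TWO_REG = ["PACIA", "PACIB", "PACDA", "PACDB", "AUTIA", "AUTIB", "AUTDA", "AUTDB"]
ZERO_REG = ["PACIZA", "PACIZB", "PACDZA", "PACDZB", "AUTIZA", "AUTIZB", "AUTDZA", "AUTDZB"]


@dataclass(frozen=True)
class PacInfo:
    mnemonic: Optional[str]  # None when the word is not a PAC instruction
    nop_space: bool          # True: HINT encoding, harmless on a core without PAC
    patch: Optional[int]     # replacement word for non-HINT forms, else None


def decode(insn: int) -> PacInfo:
    """Classify one instruction word and, for non-HINT PAC forms, give the non-PAC replacement."""
    insn &= 0xFFFFFFFF
    rn = (insn >> 5) & 0x1F
    key = "B" if insn & 0x400 else "A"          # bit 10 selects the B key in every form below
    if insn & 0xFFFFF01F == 0xD503201F:          # HINT space: 0xD503201F | imm7 << 5
        name = HINT_PAC.get((insn >> 5) & 0x7F)
        return PacInfo(name, name is not None, None)
    if insn & 0xFFFFE000 == 0xDAC10000:          # PACIA Xd,Xn ... AUTDB Xd,Xn
        return PacInfo(TWO_REG[(insn >> 10) & 7], False, NOP)
    if insn & 0xFFFFE3E0 == 0xDAC123E0:          # PACIZA Xd ... AUTDZB Xd
        return PacInfo(ZERO_REG[(insn >> 10) & 7], False, NOP)
    if insn & 0xFFFFFBE0 == 0xDAC143E0:          # XPACI Xd / XPACD Xd
        return PacInfo("XPACD" if insn & 0x400 else "XPACI", False, NOP)
    if insn & 0xFFFFFBFF == 0xD65F0BFF:          # RETAA / RETAB
        return PacInfo("RETA" + key, False, RET_LR)
    if insn & 0xFFFFFBFF == 0xD69F0BFF:          # ERETAA / ERETAB
        return PacInfo("ERETA" + key, False, ERET)
    if insn & 0xFFFFF81F == 0xD61F081F:          # BRAAZ / BRABZ Xn
        return PacInfo(f"BRA{key}Z", False, 0xD61F0000 | rn << 5)
    if insn & 0xFFFFF81F == 0xD63F081F:          # BLRAAZ / BLRABZ Xn
        return PacInfo(f"BLRA{key}Z", False, 0xD63F0000 | rn << 5)
    if insn & 0xFFFFF800 == 0xD71F0800:          # BRAA / BRAB Xn, Xm
        return PacInfo("BRA" + key, False, 0xD61F0000 | rn << 5)
    if insn & 0xFFFFF800 == 0xD73F0800:          # BLRAA / BLRAB Xn, Xm
        return PacInfo("BLRA" + key, False, 0xD63F0000 | rn << 5)
    return PacInfo(None, False, None)


def patch_text(words: List[int]) -> Tuple[List[int], List[Tuple[int, str, int, int]]]:
    """Return a patched copy of the code plus a log (byte offset, mnemonic, old, new)
    for every word that would trap on a core without PAC. Static stand-in for
    the trap-once-then-patch scheme discussed above."""
    out, log = list(words), []
    for i, w in enumerate(words):
        info = decode(w)
        if info.patch is not None:
            out[i] = info.patch
            log.append((i * 4, info.mnemonic, w, info.patch))
    return out, log


# Constructed sample function body (not taken from any real binary).
SAMPLE = [
    0xD503233F,  # PACIASP              HINT space: stays as-is
    0xA9BF7BFD,  # STP X29, X30, [SP, #-16]!
    0xDAC10041,  # PACIA X1, X2         -> NOP
    0xD73F0822,  # BLRAA X1, X2         -> BLR X1
    0xA8C17BFD,  # LDP X29, X30, [SP], #16
    0xD65F0BFF,  # RETAA                -> RET
]

if __name__ == "__main__":
    patched, log = patch_text(SAMPLE)
    for off, name, old, new in log:
        print(f"+0x{off:02x}: {name:<8} {old:08x} -> {new:08x}")
```

Run stand-alone it prints the three rewrites in `SAMPLE`; PACIASP and AUTIASP-style prologue/epilogue signing passes through untouched, which is the reason the "backwards-compatible" HINT encodings matter in the first place. The replacements are only semantically correct when nothing in the address space has ever been signed, which is exactly the situation on a core that has no PAC to begin with.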
