Releases: zyedidia/lfi
v0.5
v0.4
Full Changelog: v0.3...v0.4
v0.3
This release adds initial native support for x86-64 (amd64). The x86-64 sandboxing scheme uses 16-byte bundles and rewrites jumps/loads/stores to safe equivalents via two reserved registers. More details will be forthcoming. A static verifier for x86-64 is not yet available, so currently only the compiler toolchains and lfi-run tool are available. The Clang toolchain for x86-64 requires a modification to LLVM, so prebuilt versions of the patched Clang and LLD are available in llvm/bin in the archive.
The performance of the ARM64 verifier has also been improved and now verifies typical binaries at a throughput of 500 MiB/s on an M2 CPU.
v0.2
New in this release:
- lfi-run has been rewritten to use liblfi and has been significantly improved.
- The runtime call table is now stored in x25, which will facilitate future improvements.
- The verifier is now significantly smaller and faster (200 MiB/s).
- Experimental support for running on x86-64 via Dynarmic in lfi-run. This effort will likely not be continued in the near future, but remains experimental due to being incomplete (you may encounter issues).
Several further improvements are in progress: optimized integration with WebAssembly (including a WASI runtime), even faster verification, and native x86-64 support.
v0.1
Version 0.1 of LFI. This release includes prebuilt toolchains for both Clang and GCC in lfi-toolchain-arm64.tar.gz, and a prebuilt version of liblfi in liblfi-prebuilt.tar.gz. A GCC cross-compiler is also included that can run on x86-64 hosts in lfi-toolchain-amd64.tar.gz (does not include lfi-run).
The Clang toolchain expects you to have an externally installed version of Clang and LLD.
The GCC toolchain contains all necessary binaries within the toolchain (gcc, g++, binutils, etc.).
Prebuilt toolchain
Prebuilt LFI toolchain for LLVM 15.0.7.
- lfi.tar.gz: the LFI toolchain.
- lfi-native.tar.gz: a version of the LFI toolchain that is compiled without guards or reserved registers. This is used as a benchmark for native performance.