From fac54ac35b3bf26f32767ae77fdc29c11d4c98bd Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 22 Nov 2024 11:59:53 +0000
Subject: [PATCH] linter: Implement aarch64 checks

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/libpakfire/linter-file.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/libpakfire/linter-file.c b/src/libpakfire/linter-file.c
index ee39d6143..9cfa27c36 100644
--- a/src/libpakfire/linter-file.c
+++ b/src/libpakfire/linter-file.c
@@ -752,13 +752,31 @@ static uint32_t read_4_bytes(const int endianess, const char* data) {
 
 static int __pakfire_linter_file_check_cf_protection_aarch64(struct pakfire_linter_file* lfile,
 		const int endianess, const uint32_t type, const char* payload) {
-	# warning TODO
+	switch (type) {
+		case GNU_PROPERTY_AARCH64_FEATURE_1_AND:
+			break;
+
+		// Ignore the rest
+		default:
+			return 0;
+	}
+
+	uint32_t property = read_4_bytes(endianess, payload);
+
+	// Check for BTI
+	if (!(property & GNU_PROPERTY_AARCH64_FEATURE_1_BTI))
+		return pakfire_linter_file_error(lfile, "Branch Target Identification (BTI) is not enabled");
+
+	// Check for PAC
+	if (!(property & GNU_PROPERTY_AARCH64_FEATURE_1_PAC))
+		return pakfire_linter_file_error(lfile, "Pointer Authentication (PAC) is not enabled");
+
 	return 0;
 }
 
 static int __pakfire_linter_file_check_cf_protection_riscv64(struct pakfire_linter_file* lfile,
 		const int endianess, const uint32_t type, const char* payload) {
-	# warning TODO
+	// There is nothing to do here
 	return 0;
 }
 
@@ -768,7 +786,7 @@ static int __pakfire_linter_file_check_cf_protection_x86(struct pakfire_linter_f
 		case GNU_PROPERTY_X86_FEATURE_1_AND:
 			break;
 
-		// XXX what should we do in this case? Just ignore?
+		// Ignore the rest
 		default:
 			return 0;
 	}
-- 
2.39.5