arm64e build docs

Author: ifratric

CMakeLists.txt

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-cmake_minimum_required(VERSION "3.1")
+cmake_minimum_required(VERSION "3.5")
 set (CMAKE_CXX_STANDARD 17)
 
 # Determine whether TinyInst should be build for arm64 or x86
@@ -168,3 +168,14 @@ add_executable(litecov
 )
 
 target_link_libraries(litecov tinyinst)
+
+if(APPLE)
+  set_target_properties(litecov PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/tinyinst.entitlements"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "-"
+  )
+  set_target_properties(sslhook PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/tinyinst.entitlements"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "-"
+  )
+endif()

arm64e.entitlements

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.debugger</key>
+	<true/>
+	<key>com.apple.private.thread-set-state</key>
+	<true/>
+</dict>
+</plist>

macOS/README.md

@@ -28,6 +28,10 @@ aligns to 16k to ensure that not only parts of a module is instrumented. This
 behavior is controlled by the `-page_extend_modules` flag which is set to
 `true` by default on M1. In some cases it might be possible to turn off this flag resulting in better performance.
 
+## Running against arm64e binaries
+
+See [here](https://github.com/googleprojectzero/TinyInst/blob/master/macOS/README.md)
+
 ## TinyInst and Guard Malloc
 
 On macOS, [Guard Malloc](https://developer.apple.com/library/archive/documentation/Performance/Conceptual/ManagingMemory/Articles/MallocDebug.html) is a special version of the malloc library that makes it easier to catch certain types of memory safety issues. To enable Guard Malloc for a target process running under TinyInst, use the following flag:

macOS/arm64e.md

@@ -0,0 +1,32 @@
+# Running against arm64e binaries
+
+Note: There is a high probability you don't need this. By default, all binaries you compile yourself on Apple silicom macs will be arm64 (and *not* arm64e) binaries. E.g. a fuzzing harness you wrote yourself will be an arm64 binary even if it loads libraries made and signed by Apple. Only binaries that ship with the system and are signed by Apple will be arm64e binaries. You can always check which architecture a binary is compiled for by running the `file` command against it.
+
+In order to successfully run TinyInst or Jackalope against arm64e binaries, you need to do the following:
+
+1. Disable System Integrity Protection (SIP) by following instructions [here](https://developer.apple.com/documentation/security/disabling-and-enabling-system-integrity-protection).
+
+2. Enable arm64e ABI and disable Apple Mobile File Integrity (AMFI) by running the following command
+```
+sudo nvram boot-args="-arm64e_preview_abi amfi_get_out_of_my_way=1"
+```
+and restarting the system.
+
+3. Build arm64e version of TinyInst / Jackalope by running the following commands from the source directory. This is the same build process as usual but with `-DCMAKE_OSX_ARCHITECTURES=arm64e` argument added.
+
+```
+mkdir buildarm64e
+cd arm64e
+cmake -G Xcode -DCMAKE_OSX_ARCHITECTURES=arm64e ..
+cmake --build . --config Release
+```
+
+4. You might also need to add additional entitlements to your TinyInst / Jackalope binaries by running
+```
+codesign -f -s - --entitlements path/to/TinyInst/arm64e.entitlements path/to/litecov/or/fuzzer
+```
+
+You should be able to run successfully against an arm64e binary now, e.g.
+```
+/path/to/litecov -instrument_module ls -- /bin/ls .
+```

tinyinst.entitlements

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.debugger</key>
+	<true/>
+</dict>
+</plist>