No announcement yet.

Intel Working To Combine The Best Of CET + CFI Into "FineIBT"

  • Filter
  • Time
  • Show
Clear All
new posts

  • Intel Working To Combine The Best Of CET + CFI Into "FineIBT"

    Phoronix: Intel Working To Combine The Best Of CET + CFI Into "FineIBT"

    Intel security researchers have been working on implementing toolchain-optimized fine-grained Control Flow Integrity (CFI) support on top of Intel's hardware-based Control-flow Enforcement Technology (CET). By leveraging Intel CET, the Control-Flow Integrity overhead is much lower than the otherwise pure software/compiler-based approach. This Linux security improvement is being worked on under the name of FineIBT...

  • #2
    "Intel security researchers"


    • #3
      PaX RAP was also advertised to have performance impact in the single-digit percentage range, without depending on the capabilities of hardware (from one specific vendor, at that) which is scarce, and will remain a minority in the real world for years (if not forever, considering that there are far more chips based on the ARMv* ISAs chips than x86_64 chips made by Intel chips, and then there are all of the other ISAs). Also, CET's not quite perfect, according to the makers of RAP, who have a great track record creating security defenses: .
      But RAP's no longer publicly accessible, like the rest of vastly superior technologies with lower hardware requirements from PaX/grsecurity, because their authors couldn't make a living out of the voluntary donations, and were forced into free labor...
      Last edited by debrouxl; 06 August 2021, 04:37 PM.