Experimental "FineIBT" Series Published For Linux - Building Atop Intel CET/IBT

  • Experimental "FineIBT" Series Published For Linux - Building Atop Intel CET/IBT

    Phoronix: Experimental "FineIBT" Series Published For Linux - Building Atop Intel CET/IBT

    Merged as part of Linux 5.18 is Intel's Indirect Branch Tracking (IBT) support as part of CET (Control Flow Enforcement) technology. Indirect Branch Tracking is intended to help protect against JUMP/CALL oriented attacks as part of CET's control-flow integrity protections. Meanwhile still being worked on is "FineIBT" as a more compiler-hardened version built atop Intel CET/IBT...

    https://www.phoronix.com/scan.php?pa...-Intel-CET-IBT

  • #2
    No GCC... only 5% of distros will benefit.

    • #3
      Originally posted by tildearrow
      No GCC... only 5% of distros will benefit.
      GCC does not support any forwards edge CFI analysis at all, so it's not just a matter of "hey, why didn't you port this to gcc" - the whole infrastructure for it only exists in clang.

      GCC still does support barebones IBT, which will at least give a coarse-grained forwards edge CFI, which is already a HUGE boon to security.
