Fedora 33 Looks To Up Its Code Hardening For 64-Bit Arm Systems

Written by Michael Larabel in Arm on 19 May 2020 at 12:08 AM EDT. Add A Comment
Fedora has been improving its 64-bit ARM (AArch64) support for quite some time and with this autumn's Fedora 33 release it should be in even better shape.

One of the AArch64-specific Fedora 33 changes being planned is enabling support for newer ARMv8.3~8.5-level code hardening features in order to enhance the security.

Making use of Arm's Pointer Authentication is one of those improvements for helping to fend off ROP attacks by signing and verifying pointers. The compiler and kernel support for Arm Pointer Authentication is already mainlined and such, it's just a matter of flipping on the support when building out the ARMv8 software.

Another code hardening change is enabling Branch Target Identification (BTI). That too is ready to go upstream but requires a compiler flag when building out the software.

The proposal at this stage is to build out the Fedora 33 AArch64 packages with BTI and PAC features enabled. The binaries can still work fine on earlier ARMv8 hardware not supporting these instructions.

More details on these planned Fedora 33 AArch64 improvements via this change proposal.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week