Intel CET Support Still Getting Squared Away For Linux In 2020

Written by Michael Larabel in Intel on 17 May 2020 at 07:55 AM EDT. 1 Comment
INTEL
Various open-source patches have gone back to at least 2017 for enabling Intel's Control-Flow Enforcement Technology (CET) for the Linux kernel and related components. This is the Intel feature for helping prevent ROP and COP/JOP style attacks via indirect branch tracking and a shadow stack. Recently there has been a fair amount of CET improvements to the various open-source components.

CET has been around since GCC 8, Binutils 2.32, and Glibc 2.28 while as of writing the kernel bits in the mainline kernel have just been adding the CET instructions to the opcode map but without the actual CET kernel bits being mainlined.

That though could hopefully change soon as a few weeks ago the v10 patches for control-flow enforcement with enabling the shadow stack was sent out. Those kernel patches though are still in flux so might not be mainlined even for the upcoming Linux 5.8 kernel.

Outside of the kernel though, over in GCC space for GCC 11 is now defaulting the CET run-time support to auto for the compiler-side bits. So that's important for seeing CET support available by default on more systems.

There have also been other CET improvements for GCC 11 in recent days like enabling cross-compiler support when possible, enabling it in libbacktrace, and other CET enabling.

GCC 11 with the latest Control-Flow Enforcement Technology bits won't be out as stable until around this time next year but at least before then we'll hopefully see a Linux kernel release with all the CET bits there in place.
1 Comment
Related News
Intel Releases OpenVINO 2024.1 With More Gen AI & LLM Features
Intel ANV Vulkan Driver Enables VK_KHR_shader_float_controls2
Intel Has Many Improvements For The Xe Graphics Driver In Linux 6.10
Intel Enabling Linux Driver Display Support For Upcoming "Battlemage" GPUs
Intel Media Driver 2024Q1 Brings Arrow Lake H Support
Intel Compute Runtime 24.13.29138.7 Brings Improved OpenCL/OpenGL Sharing
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Fedora Linux 40 Available For Download As A Wonderful Upgrade
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"