Intel CET Support Still Getting Squared Away For Linux In 2020

Written by Michael Larabel in Intel on 17 May 2020 at 07:55 AM EDT. 1 Comment
INTEL
Various open-source patches have gone back to at least 2017 for enabling Intel's Control-Flow Enforcement Technology (CET) for the Linux kernel and related components. This is the Intel feature for helping prevent ROP and COP/JOP style attacks via indirect branch tracking and a shadow stack. Recently there has been a fair amount of CET improvements to the various open-source components.

CET has been around since GCC 8, Binutils 2.32, and Glibc 2.28 while as of writing the kernel bits in the mainline kernel have just been adding the CET instructions to the opcode map but without the actual CET kernel bits being mainlined.

That though could hopefully change soon as a few weeks ago the v10 patches for control-flow enforcement with enabling the shadow stack was sent out. Those kernel patches though are still in flux so might not be mainlined even for the upcoming Linux 5.8 kernel.

Outside of the kernel though, over in GCC space for GCC 11 is now defaulting the CET run-time support to auto for the compiler-side bits. So that's important for seeing CET support available by default on more systems.

There have also been other CET improvements for GCC 11 in recent days like enabling cross-compiler support when possible, enabling it in libbacktrace, and other CET enabling.

GCC 11 with the latest Control-Flow Enforcement Technology bits won't be out as stable until around this time next year but at least before then we'll hopefully see a Linux kernel release with all the CET bits there in place.
1 Comment
Related News
Intel Driver Enabling HF-EEODB For Linux 6.3 As Part Of HDMI 2.1 Compliance
Intel Releases HAXM 7.8 As One Last Hurrah For The Open-Source Project
Linux Resource Control Monitoring Being Improved For Intel Sub-NUMA Cluster Configurations
Intel Habana Labs AI Driver Moving To New "Accel" Subsystem For Linux 6.3
Linux 6.3 EDAC Prepares For Intel Granite Rapids With Up To 12 DDR5 Memory Channels
Intel oneVPL GPU Runtime 22.6.5 Brings AV1 & VP9 Encode Improvements
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Firefox 109 vs. Chrome 109 Browser Benchmarks On Ubuntu Linux + Core i9 13900K
helloSystem 0.8 Released As macOS Inspired FreeBSD Desktop OS
Linux 6.2-rc5 Released - The Kernel Will Most Likely Be Extended Through 6.2-rc8
Wine 8.0 Released With PE Conversion Complete, Progress On WoW64 Support
RADV Receives Patches To Help With Less Stuttering For Zink
Wine 8.0-rc5 Released With Just Nine Bugs Fixed
Linux Takes Another Shot At Fixing Visual Glitches & GPU Hangs For Intel Sandy Bridge
Ubuntu 22.04.2 LTS Delayed To End Of February Over Kernel & Signed Shim Woes