Intel Confirms CET Security Support For Tiger Lake
Intel is confirming today that Control-Flow Enforcement Technology (Intel CET) will premiere with upcoming mobile Tiger Lake processors.
CET works by preventing ROP and COP/JOP style attacks through indirect branch tracking and a shadow stack. For nearly three years we have been talking about Control-Flow Enforcement Technology with the open-source Intel developers doing a fairly punctual job plumbing it into the open-source compilers, the necessary Linux kernel changes, etc. Just last month I provided the current state of Intel CET on Linux with most patches under review or landed but due to the GCC 11 requirement will not be all stabilized until early next year.
Intel's announcement today is that CET is seeing initial support with Tiger Lake CPUs due out soon for helping fight off control-flow hijacking malware attempts.
While the Linux patches are still landing, Microsoft Windows 10 users will see hardware-enforced stack protection beginning today with Windows 10 Insider Preview builds. It's too bad not all of the Intel CET support is mainlined for Linux users today (especially for how long they have been preparing these patches going back to June 2017), but at least it's available in patch form for interested parties ahead of Tiger Lake's debut and nice to see this technology now becoming available within the newest Intel CPUs.
CET works by preventing ROP and COP/JOP style attacks through indirect branch tracking and a shadow stack. For nearly three years we have been talking about Control-Flow Enforcement Technology with the open-source Intel developers doing a fairly punctual job plumbing it into the open-source compilers, the necessary Linux kernel changes, etc. Just last month I provided the current state of Intel CET on Linux with most patches under review or landed but due to the GCC 11 requirement will not be all stabilized until early next year.
Intel's announcement today is that CET is seeing initial support with Tiger Lake CPUs due out soon for helping fight off control-flow hijacking malware attempts.
While the Linux patches are still landing, Microsoft Windows 10 users will see hardware-enforced stack protection beginning today with Windows 10 Insider Preview builds. It's too bad not all of the Intel CET support is mainlined for Linux users today (especially for how long they have been preparing these patches going back to June 2017), but at least it's available in patch form for interested parties ahead of Tiger Lake's debut and nice to see this technology now becoming available within the newest Intel CPUs.
14 Comments