Another Round Of Intel CET Patches, Still Working Toward Linux Kernel Integration

Written by Michael Larabel in Intel on 21 August 2021 at 06:40 AM EDT. 1 Comment
INTEL
While Intel is normally very punctual in providing support for major new CPU features under Linux and often landing them well in advance of general hardware availability, their work around Control-flow Enforcement Technology (CET) has taken a long longer than normal and is still going through new rounds of code review to get accepted into the mainline Linux kernel.

Intel Tiger Lake SoCs with CET support have been available now for about one year and Intel CET work for Linux goes back to 2017. Intel Control-Flow Enforcement Technology aims to prevent ROP and COP/JOP style attacks through indirect branch tracking and a shadow stack. The compiler-side CET patches quickly landed but the Linux kernel support for this security feature has long been ongoing and as of yesterday is up to its 29th round of review.


On Friday the 29th round of the CET shadow stack patches and CET indirect branch tracking patches were posted.

The 32 Linux patches for the CET shadow stack support saw most of the changes with various low-level code improvements and tweaks plus re-basing against the latest upstream kernel state. The ten patches for the CET indirect branch tracking were just re-basing the patches against the upstream kernel state.

Some Linux distributions and vendor kernels are already carrying the Intel CET patches in their out-of-tree form while we await to see if the patches are now deemed ready for mainline next cycle or will still require more rounds of review... Hopefully it's not like Intel SGX that took 40+ rounds of review before being ready for the mainline kernel.
1 Comment
Related News
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features