Show Your Support: Did you know that you can get Phoronix Premium for under $4 per month? Try it today to view our site ad-free, multi-page articles on a single page, and more while the proceeds allow us to write more Linux hardware reviews. At the very least, please disable your ad-blocker.
Intel IBT Patches For Linux Back On Track
The SS portion of CET is focused on protecting against return-oriented programming (ROP) attacks. The Indirect Branch Tracking meanwhile provides hardware safeguards against jump/call oriented programming attacks (JOP / COP). While IBT Linux patches have been posted before, they haven't been mainlined yet and apparently not as much of a focus as the SS capabilities. In any event, Peter Zijlstra recently took to working on IBT integration for the Linux kernel and it's been making great progress.
On Friday there were 29 patches sent out by Zijlstra for the latest IBT kernel support. In there he shared the promising state of this IBT support:
This is an (almost!) complete Kernel IBT implementation. It's been self-hosting for a few days now. That is, it runs on IBT enabled hardware (Tigerlake) and is capable of building the next kernel.
It is also almost clean on allmodconfig using GCC-11.2.
The biggest TODO item at this point is Clang, I've not yet looked at that.
More details on CET can be found at Intel.com. CET hardware support initially premiered with Intel Tiger Lake processors.