Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Linux May Flip On Indirect Branch Tracking By Default (IBT)

Written by Michael Larabel in Intel on 5 September 2022 at 06:14 AM EDT. 15 Comments

INTEL

A new patch floated by a Google Chrome OS / Linux kernel engineer would enable support for the Intel-led Indirect Branch Tracking (IBT) by default as part of the standard kernel configuration for this security feature.

Indirect Branch Tracking is part of Intel Control-Flow Enforcement Technology (CET) with Tigerlake CPUs and newer. IBT provides indirect branch protection to defend against JOP/COP attacks by ensuring indirect calls land on an ENDBR instruction.

Indirect Branch Tracking on the kernel side was upstreamed for Linux 5.18 and also requires a newer version of the GCC or LLVM Clang code compilers.

While IBT is already enabled by default for some distribution vendor kernels, Google's Kees Cook has suggested it be enabled by default for x86/x86_64 Linux kernel builds.

With this patch he justifies the default change as:

This security defense is runtime enabled via CPU ID, so build it in by default. It will be enabled if the CPU supports it. The build takes 2 seconds longer, which seems a small price to pay for gaining this coverage by default.

We'll see if this default kernel security change gets picked up for the v6.1 cycle this autumn.

15 Comments

Related News

Linux Fixing A "Hilarious/Revolting Performance Regression" Around Intel KVM Virtualization

Intel P-State Energy Aware Scheduling Patches Updated For Lunar Lake

Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2

Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target

Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14

Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd

NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance

KDE Starts December By Landing A Number Of New Features

Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries