Linux 5.8 Tightens ARM 64-Bit Security With BTI, Shadow Call Stack Support
Written by Michael Larabel in Arm on 3 June 2020 at 03:38 AM EDT. 1 Comment
ARM --
The 64-bit ARM (ARM64 / AArch64) architecture changes have already landed into the progressing Linux 5.8 codebase.

When it comes to modern Arm architectural changes for Linux 5.8, this cycle it primarily revolves around two security features now being supported: Branch Target Identification and Shadow Call Stack.

Branch Target Identification (BTI) support as part of the ARMv8.5 specification. Branch Target Identification marks valid targets of indirect branches and the CPU will trap an instruction in a protected page that is trying to perform an indirect branch to an instruction other than a marked BTI.

Unlike BTI that needs ARMv8.5 SoC support, Shadow Call Stack is a compiler-level feature when building with LLVM/Clang. Shadow Call Stack support, which works in conjunction with the LLVM Clang compiler. Shadow Call Stack is designed to prevent against return address overwrites. Currently though the LLVM/Clang compiler code only supports this on AArch64 and so does this current kernel code for Linux 5.8. This kernel code could be ported to other architectures if LLVM ends up supporting the Shadow Call Stack elsewhere. SCS support was previously dropped on x86_64 over big performance hits.

The rest of the ARM64 changes are mostly minor and outlined via this merge. Still coming up in the days ahead for the Linux 5.8 merge window are all of the SoC/platform/DeviceTree changes.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week