Intel CET Support Still Getting Squared Away For Linux In 2020
Written by Michael Larabel in Intel on 17 May 2020 at 07:55 AM EDT.
Open-source patches enabling Intel's Control-Flow Enforcement Technology (CET) for the Linux kernel and related components go back to at least 2017. This is the Intel feature for helping prevent ROP and COP/JOP style attacks via indirect branch tracking and a shadow stack. Recently there have been a fair number of CET improvements to the various open-source components.

CET support has been around since GCC 8, Binutils 2.32, and Glibc 2.28, while as of writing the mainline kernel has only added the CET instructions to its opcode map, without the actual CET kernel support being mainlined.

That could hopefully change soon, as a few weeks ago the v10 patches for control-flow enforcement, enabling the shadow stack, were sent out. Those kernel patches are still in flux, though, so they might not be mainlined even for the upcoming Linux 5.8 kernel.

Outside of the kernel, GCC 11 is now defaulting the CET run-time support to auto for the compiler-side bits. That's important for seeing CET support available by default on more systems.

There have also been other CET improvements for GCC 11 in recent days, like enabling cross-compiler support when possible, enabling it in libbacktrace, and other CET enablement work.

GCC 11 with the latest Control-Flow Enforcement Technology bits won't be out as stable until around this time next year, but at least before then we'll hopefully see a Linux kernel release with all the CET bits in place.
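
As an added example (not from the article, and not GCC, Binutils or Glibc code): a CET-enabled toolchain records whether a binary is compatible with indirect branch tracking (IBT) and the shadow stack (SHSTK) in its `.note.gnu.property` ELF note, and this sketch decodes those bits from the raw section bytes. The function names and the sample notes are constructed for illustration; the constants are the x86 psABI values.

```python
import struct

# Values from the x86 psABI GNU-property definitions (also in <elf.h>).
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_BITS = {0x1: "IBT", 0x2: "SHSTK"}


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def cet_features(note, elf64=True):
    """Return CET features declared in raw little-endian .note.gnu.property bytes."""
    prop_align = 8 if elf64 else 4  # properties are 8-byte aligned in ELF64
    found, off = set(), 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        desc_off = off + 12 + _align(namesz, 4)
        desc_end = desc_off + descsz
        if desc_end > len(note):
            raise ValueError("truncated note")
        name = note[off + 12:off + 12 + namesz]
        p = desc_off
        # Walk the property array only for the GNU property note type.
        while ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0" and p + 8 <= desc_end:
            pr_type, pr_datasz = struct.unpack_from("<II", note, p)
            if p + 8 + pr_datasz > desc_end:
                raise ValueError("truncated property")
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                (bits,) = struct.unpack_from("<I", note, p + 8)
                found |= {label for bit, label in FEATURE_BITS.items() if bits & bit}
            p += 8 + _align(pr_datasz, prop_align)
        off = _align(desc_end, prop_align)
    return found


def make_note(bits):
    """Constructed sample: one ELF64 GNU property note carrying the given feature bits."""
    return struct.pack("<III4sIII4x", 4, 16, NT_GNU_PROPERTY_TYPE_0, b"GNU\0",
                       GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits)


if __name__ == "__main__":
    for bits in (0x3, 0x2, 0x0):
        print(hex(bits), sorted(cet_features(make_note(bits))))
```

The linker keeps a feature bit only when every input object sets it, so a single object built without CET marking clears the bit for the whole binary; `readelf -n` reports the same properties.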