V2 [PATCH 0/4] x86: Enable Intel Control-flow Enforcement Technology (CET)
H.J. Lu
hjl.tools at gmail.com
Sun Jan 19 15:40:21 CET 2020
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains shadow stack (SHSTK) and indirect branch tracking (IBT). When
CET is enabled, ELF object files must be marked with .note.gnu.property
section. CET enabled compiler provides <cet.h> which can be included
in assembly sources to automatically generate .note.gnu.property section.
Also when IBT is enabled, all indirect branch targets must start with
ENDBR instruction. <cet.h> defines _CET_ENDBR to generate proper ENDBR
instruction.
Tested with
$ CC="gcc -Wl,-z,cet-report=error -fcf-protection" ./configure
in i686 and x86-64 modes on Linux CET machine.
H.J. Lu (4):
x86: Add .note.gnu.property section for Intel CET
mpi: Add .note.gnu.property section for Intel CET
amd64: Always include <config.h> in cipher assembly codes
i386: Add _CET_ENDBR to indirect jump targets
cipher/camellia-aesni-avx-amd64.S | 3 ++-
cipher/camellia-aesni-avx2-amd64.S | 3 ++-
cipher/serpent-avx2-amd64.S | 3 ++-
configure.ac | 6 +++++
mpi/config.links | 10 ++++++++
mpi/i386/mpih-add1.S | 37 ++++++++++++++++++++++++++++++
mpi/i386/mpih-sub1.S | 37 ++++++++++++++++++++++++++++++
7 files changed, 96 insertions(+), 3 deletions(-)
--
2.24.1
More information about the Gcrypt-devel
mailing list