V2 [PATCH 0/4] x86: Enable Intel Control-flow Enforcement Technology (CET)

H.J. Lu hjl.tools at gmail.com
Wed Jan 22 23:44:24 CET 2020


On Wed, Jan 22, 2020 at 1:33 PM Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>
> Hello,
>
> On 19.1.2020 16.40, H.J. Lu via Gcrypt-devel wrote:
> > Intel Control-flow Enforcement Technology (CET):
> >
> > https://software.intel.com/en-us/articles/intel-sdm
> >
> > contains shadow stack (SHSTK) and indirect branch tracking (IBT).  When
> > CET is enabled, ELF object files must be marked with .note.gnu.property
> > section.  CET enabled compiler provides <cet.h> which can be included
> > in assembly sources to automatically generate .note.gnu.property section.
> > Also when IBT is enabled, all indirect branch targets must start with
> > ENDBR instruction.  <cet.h> defines _CET_ENDBR to generate proper ENDBR
> > instruction.
> >
> > Tested with
> >
> > $ CC="gcc -Wl,-z,cet-report=error -fcf-protection" ./configure
> >
> > in i686 and x86-64 modes on Linux CET machine.
> >
> > H.J. Lu (4):
> >   x86: Add .note.gnu.property section for Intel CET
> >   mpi: Add .note.gnu.property section for Intel CET
> >   amd64: Always include <config.h> in cipher assembly codes
> >   i386: Add _CET_ENDBR to indirect jump targets
> >
> >  cipher/camellia-aesni-avx-amd64.S  |  3 ++-
> >  cipher/camellia-aesni-avx2-amd64.S |  3 ++-
> >  cipher/serpent-avx2-amd64.S        |  3 ++-
> >  configure.ac                       |  6 +++++
> >  mpi/config.links                   | 10 ++++++++
> >  mpi/i386/mpih-add1.S               | 37 ++++++++++++++++++++++++++++++
> >  mpi/i386/mpih-sub1.S               | 37 ++++++++++++++++++++++++++++++
> >  7 files changed, 96 insertions(+), 3 deletions(-)
> >
>
> Patches have been applied to master. Thanks.
>

Thanks.

-- 
H.J.
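
The cover letter above says every object must carry a .note.gnu.property section when CET is enabled. The following is an added example, not part of this thread or of the libgcrypt patches: a small parser that decodes the raw bytes of that section and reports whether the IBT and SHSTK bits are set. The function names and the sample bytes are constructed for illustration; the constants are the ones from the x86 psABI.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_BITS = {0x1: "IBT", 0x2: "SHSTK"}  # bits inside FEATURE_1_AND


def align_up(n, a):
    return (n + a - 1) & ~(a - 1)


def cet_features(section, elf64=True):
    """Return the CET features marked in raw .note.gnu.property bytes."""
    align = 8 if elf64 else 4  # notes and properties pad to 8 (ELF64) or 4 (ELF32)
    found, off = set(), 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        desc_off = align_up(off + 12 + namesz, align)
        if desc_off + descsz > len(section):
            raise ValueError("truncated note")
        name = section[off + 12:off + 12 + namesz]
        desc = section[desc_off:desc_off + descsz]
        off = align_up(desc_off + descsz, align)
        if name != b"GNU\x00" or ntype != NT_GNU_PROPERTY_TYPE_0:
            continue  # some other note type, skip it
        p = 0
        while p + 8 <= len(desc):  # walk the property array in the descriptor
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            if p + 8 + pr_datasz > len(desc):
                raise ValueError("truncated property")
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                bits = struct.unpack_from("<I", desc, p + 8)[0]
                found |= {n for b, n in FEATURE_BITS.items() if bits & b}
            p = align_up(p + 8 + pr_datasz, align)
    return found


def make_note(bits, elf64=True):
    """Constructed sample: a section holding one FEATURE_1_AND property."""
    align = 8 if elf64 else 4
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits)
    prop += b"\x00" * (align_up(len(prop), align) - len(prop))
    hdr = struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0)
    return hdr + b"GNU\x00" + prop


if __name__ == "__main__":
    print(sorted(cet_features(make_note(0x3))))
```

The property is an AND across link inputs, so one assembly object without the note clears the feature for the whole linked library; `readelf -n` on an object or on the final library shows the same properties for cross-checking.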


