Ok, it turns out the quick test i spontaneously came up with is flawed, sorry about that.
However, if you look at the disassembly, you can see that the endbr instruction is not at the beginning of a function, but rather directly after a nop instruction, so it seems to me this is just used as another nop variant for alignment purposes. Another file one can test that actually gives zero is /lib64/ld-linux-x86-64.so.2 so the right command to test is objdump -d /lib64/ld-linux-x86-64.so.2 | grep endbr | wc -l On Mon, 2022-09-05 at 21:14 +0000, Jeremy Stanley wrote: > On 2022-09-05 22:44:52 +0200 (+0200), Felix Potthast wrote: > > i just stumbled upon the fact that debian doesn't yet make use of > > the Intel CET security feature, while many other distributions > > (Ubuntu, Fedora, Suse, Arch Linux) do. > [...] > > Forgive me if this is a dumb question, but were you running on a > Linux 5.18 kernel when you tested this? The default kernel on the > current Debian release is too old to support it, but there is a 5.18 > kernel in the bullseye-backports suite. This is from my workstation > running a relatively up to date Debian unstable booted on a 5.18.x > kernel, as you can see: > > fungi@dhole:~$ uname -v > #1 SMP PREEMPT_DYNAMIC Debian 5.18.14-1 (2022-07-23) > fungi@dhole:~$ objdump -d /bin/mv | grep endbr | wc -l > 2 > fungi@dhole:~$ objdump -d /bin/mv | grep endbr > 4230: f3 0f 1e fa endbr64 > 4270: f3 0f 1e fa endbr64 >
