[Kernel-packages] [Bug 1929889] Re: [TGL][ADL] Enable CET(Control-flow Enforcement Technology)

Mon, 22 Nov 2021 23:20:56 -0800 

@Dimitri

Intel has done a few experiments to enable CET on Ubuntu 20.04. Here are
some details:

As my experiment in ubuntu 20.04, the glibc should be update into 2.34.
And busybox should be build on glibc 2.34 (to create initramfs during install 
kernel).
Then ubuntu 20.04 can start, and cet enabled.

Diff glibc 2.31 and glib 2.34 listed as below(20.04 basic glibc is 2.31,
21.04 is 2.34)

ea26ff0322 x86: Copy IBT and SHSTK usable only if CET is enabled 04dff6fc0d 
x86: Properly set usable CET feature bits [BZ #26625]
2ef23b5205 x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]
c02695d776 x86/CET: Update vfork to prevent child return
9e38f455a6 x86: Add --enable-cet=permissive
674ea88294 x86: Move CET control to _dl_x86_feature_control [BZ #25887]
1fabdb9908 x86: Remove ARCH_CET_LEGACY_BITMAP [BZ #25397]
5d844e1b72 i386: Enable CET support in ucontext functions
0455f251f4 i386: Use ENTRY/END in assembly codes 825b58f3fb i386-mcount.S: Add 
_CET_ENDBR to _mcount and 
           __fentry__ 
4031d7484a i386/sub_n.S: Add a missing _CET_ENDBR to indirect jump target
15eab1e3e8 i386: Don't unnecessarily save and restore EAX, ECX and EDX [BZ# 
25262]

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-intel in Ubuntu.
https://bugs.launchpad.net/bugs/1929889

Title:
  [TGL][ADL] Enable CET(Control-flow Enforcement Technology)

Status in intel:
  New
Status in intel lookout-canyon series:
  New
Status in linux-intel package in Ubuntu:
  Triaged
Status in linux-intel source package in Focal:
  New

Bug description:
  Description
  Enable Tiger Lake ROP CET(Control-flow Enforcement Technology)
  An upcoming IntelĀ® processor family feature that counters 
return/jump-oriented programming (ROP) attacks

  Hardware: Tiger Lake & Alder Lake

  Target Release: 21.04
  Target Kernel: TBD

  External links:
  
https://github.com/intel/linux-intel-quilt/tree/mainline-tracking-v5.11-yocto-210223T083754Z

To manage notifications about this bug go to:
https://bugs.launchpad.net/intel/+bug/1929889/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to