Linux May Flip On Indirect Branch Tracking By Default (IBT)

Written by Michael Larabel in Intel on 5 September 2022 at 06:14 AM EDT.
A new patch floated by a Google Chrome OS / Linux kernel engineer would enable support for the Intel-led Indirect Branch Tracking (IBT) by default as part of the standard kernel configuration for this security feature.

Indirect Branch Tracking is part of Intel Control-Flow Enforcement Technology (CET) with Tigerlake CPUs and newer. IBT provides indirect branch protection to defend against JOP/COP attacks by ensuring indirect calls land on an ENDBR instruction.

Kernel-side support for Indirect Branch Tracking was upstreamed in Linux 5.18; building a kernel with it also requires a recent GCC or LLVM Clang compiler.

While IBT is already enabled by default for some distribution vendor kernels, Google's Kees Cook has suggested it be enabled by default for x86/x86_64 Linux kernel builds.

In the patch he justifies the change of default as follows:
This security defense is runtime enabled via CPU ID, so build it in by default. It will be enabled if the CPU supports it. The build takes 2 seconds longer, which seems a small price to pay for gaining this coverage by default.
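A quick way to tell which of those conditions a given machine meets, as an added example that is not part of the article or of the kernel patch: a POSIX shell script that classifies IBT state from the "ibt" CPU flag in /proc/cpuinfo, the CONFIG_X86_KERNEL_IBT Kconfig symbol the patch changes, and the "ibt=off" boot parameter that turns the feature off at runtime. The sample inputs are constructed, and the Kconfig symbol and boot parameter names come from the Linux 5.18 implementation rather than from this article.

```shell
#!/bin/sh
# Classify a machine's Indirect Branch Tracking state from three signals:
#   1. the "ibt" flag in /proc/cpuinfo       -> the CPU implements CET IBT
#   2. CONFIG_X86_KERNEL_IBT=y in the config -> the kernel was built with IBT
#   3. "ibt=off" on /proc/cmdline            -> IBT was disabled at boot
# Every function takes file paths, so saved copies can be checked offline.

cpu_has_ibt() {             # $1: cpuinfo file; matches "ibt" as a whole flag only
    grep -q -E '^flags[[:space:]]*:.*[[:space:]]ibt([[:space:]]|$)' "$1"
}

kernel_built_with_ibt() {   # $1: kernel config (/boot/config-$(uname -r) or zcat /proc/config.gz)
    grep -q -x 'CONFIG_X86_KERNEL_IBT=y' "$1"
}

ibt_disabled_on_cmdline() { # $1: kernel command line file
    grep -q -E '(^|[[:space:]])ibt=off([[:space:]]|$)' "$1"
}

# Prints one word: active | disabled | cpu-only | kernel-only | unsupported
ibt_verdict() {             # $1: cpuinfo  $2: kernel config  $3: cmdline
    if cpu_has_ibt "$1"; then cpu=1; else cpu=0; fi
    if kernel_built_with_ibt "$2"; then kern=1; else kern=0; fi
    case "$cpu$kern" in
        00) echo unsupported ;;   # neither CPU nor kernel supports IBT
        10) echo cpu-only ;;      # CPU could do it, kernel was built without it
        01) echo kernel-only ;;   # built in, but this CPU never enables it
        11) if ibt_disabled_on_cmdline "$3"; then echo disabled; else echo active; fi ;;
    esac
}

# Constructed sample inputs (not captured from a real machine).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'flags\t\t: fpu sse2 smep smap ibt\n' > "$tmp/cpuinfo.ibt"
printf 'flags\t\t: fpu sse2 smep smap\n'     > "$tmp/cpuinfo.noibt"
printf 'CONFIG_X86_64=y\nCONFIG_X86_KERNEL_IBT=y\n'          > "$tmp/config.ibt"
printf 'CONFIG_X86_64=y\n# CONFIG_X86_KERNEL_IBT is not set\n' > "$tmp/config.noibt"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro\n'         > "$tmp/cmdline.plain"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro ibt=off\n' > "$tmp/cmdline.off"

ibt_verdict "$tmp/cpuinfo.ibt" "$tmp/config.ibt" "$tmp/cmdline.plain"   # prints "active"
# On a live system: ibt_verdict /proc/cpuinfo /boot/config-"$(uname -r)" /proc/cmdline
```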

We'll see if this default kernel security change gets picked up for the v6.1 cycle this autumn.