Open miczyg1 opened 11 months ago
When UEFI gets rebuilt with CET-IBT active (i.e. adding some ENDBRANCH instructions), overall system security will improve.
Right now both Linux and Xen have to play heuristics by disabling security features in order for UEFI-RS to not explode.
No response
https://gitlab.com/xen-project/people/marmarek/xen/-/jobs/5235300322#L254
@andyhhp is it a matter of adding -fcf-protection to GCC flags and linker markers or is something else needed?
-fcf-protection
The problem you're addressing (if any)
When UEFI gets rebuilt with CET-IBT active (i.e. adding some ENDBRANCH instructions), overall system security will improve.
Right now both Linux and Xen have to play heuristics by disabling security features in order for UEFI-RS to not explode.
Describe the solution you'd like
No response
Where is the value to a user, and who might that user be?
No response
Describe alternatives you've considered
No response
Additional context
https://gitlab.com/xen-project/people/marmarek/xen/-/jobs/5235300322#L254