Re: Control-flow Enforcement Technology (CET) support


Nashif, Anas
 

Hi Rafal,

This is not supported currently. We had plans in the past to enable this feature, but this did not happen.

There is no reason why this feature can’t be enabled, and you are welcome to submit the required changed to support this directly to the project.

 

Thanks,

Anas

 

From: <users@...> on behalf of "Bisiorowski, Rafal" <rafal.bisiorowski@...>
Date: Monday, September 27, 2021 at 9:30 AM
To: "Zephyr-users@..." <Zephyr-users@...>
Subject: [Zephyr-users] Control-flow Enforcement Technology (CET) support

 

Hi,

I’ve tried building zephyr app with GCC compiler flags to enable CET feature (Control-flow Enforcement Technology) “-fcf-protection=full -z cet-report=error”. Unfortunately there’s “error: missing IBT and SHSTK properties”. I’m not yet fully familiar with what is missing, but by checking zephyr’s code there are no ENDBR instructions in assembly code.

Is there any plan to add support for Control-flow Enforcement Technology (CET) in Zephyr?

Is there possibility to add this support on my own or is there a reason why CET shouldn’t be ever supported by Zephyr?

 

Thanks,

Rafal

 


Intel Technology Poland sp. z o.o.
ul. Słowackiego 173 | 80-298 Gdańsk | Sąd Rejonowy Gdańsk Północ | VII Wydział Gospodarczy Krajowego Rejestru Sądowego - KRS 101882 | NIP 957-07-52-316 | Kapitał zakładowy 200.000 PLN.

Ta wiadomość wraz z załącznikami jest przeznaczona dla określonego adresata i może zawierać informacje poufne. W razie przypadkowego otrzymania tej wiadomości, prosimy o powiadomienie nadawcy oraz trwałe jej usunięcie; jakiekolwiek przeglądanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.

 

Join users@lists.zephyrproject.org to automatically receive all group messages.