TL;DR Summary: Intel added a feature to protect against certain types of hacker attacks and now Linux is planning to enable it.
https://www.phoronix.com/news/Linux-IBT-By-Default-Tip
As an enhancement to the out-of-the-box Linux kernel in its default x86_64 configuration, it was being eyed to enable Indirect Branch Tracking by default. That change to enable IBT by default has been picked up by TIP's x86/core branch, thus putting it on deck as material for submitting with next month's Linux 6.2 merge window.
Indirect Branch Tracking is part of Intel Control-Flow Enforcement Technology (CET) with Tigerlake CPUs and newer. IBT provides indirect branch protection to defend against JOP/COP attacks by ensuring indirect calls land on an ENDBR instruction.
IBT is part of the Control Flow Integrity strategy/standard:
https://en.wikipedia.org/wiki/Control-flow_integrity
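The rule quoted above, that an indirect call must land on an ENDBR instruction, can be checked offline against a list of indirect-branch targets. The following is an added example, not code from the post, Phoronix, or the kernel: the byte buffer, the target list, and the function names `ibt_target_ok` and `ibt_count_missing` are constructed for illustration, and the model ignores NOTRACK-prefixed branches.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ENDBR64 is encoded F3 0F 1E FA; CPUs without CET execute it as a NOP. */
static const uint8_t ENDBR64[4] = {0xF3, 0x0F, 0x1E, 0xFA};

/* Constructed sample code bytes (not taken from any real binary). */
static const uint8_t sample_text[] = {
    0xF3, 0x0F, 0x1E, 0xFA, 0xC3,             /* 0x00 func_a: endbr64; ret */
    0x55, 0x48, 0x89, 0xE5, 0x5D, 0xC3,       /* 0x05 func_b: no endbr64 */
    0xF3, 0x0F, 0x1E, 0xFA, 0x31, 0xC0, 0xC3, /* 0x0B func_c: endbr64; xor eax,eax; ret */
};

/* Constructed indirect-branch targets, e.g. entries of a function-pointer
 * table: two valid entries, one unmarked entry, one mid-function address,
 * and one address too close to the end of the buffer. */
static const size_t sample_targets[] = {0x00, 0x05, 0x0B, 0x06, 0x10};

/* 1 if an indirect CALL/JMP to text[target] lands on ENDBR64,
 * 0 otherwise (the CPU would raise #CP with IBT enforced). */
int ibt_target_ok(const uint8_t *text, size_t len, size_t target)
{
    if (target > len || len - target < sizeof ENDBR64)
        return 0; /* out of range or too short to hold the marker */
    return memcmp(text + target, ENDBR64, sizeof ENDBR64) == 0;
}

/* Count targets that would fault with IBT enforced. */
size_t ibt_count_missing(const uint8_t *text, size_t len,
                         const size_t *targets, size_t n)
{
    size_t missing = 0;
    for (size_t i = 0; i < n; i++)
        missing += !ibt_target_ok(text, len, targets[i]);
    return missing;
}

int main(void)
{
    size_t n = sizeof sample_targets / sizeof sample_targets[0];
    for (size_t i = 0; i < n; i++)
        printf("target 0x%02zx: %s\n", sample_targets[i],
               ibt_target_ok(sample_text, sizeof sample_text, sample_targets[i])
                   ? "ENDBR64 present" : "no ENDBR64 (#CP under IBT)");
    printf("missing: %zu\n", ibt_count_missing(sample_text, sizeof sample_text,
                                               sample_targets, n));
    return 0;
}
```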