Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - A index

CONFIG_ARM64_PTR_AUTH: Enable support for pointer authentication

General informations

The Linux kernel configuration item CONFIG_ARM64_PTR_AUTH:

Help text

Pointer authentication (part of the ARMv8.3 Extensions) provides instructions for signing and authenticating pointers against secret keys, which can be used to mitigate Return Oriented Programming (ROP) and other attacks.

This option enables these instructions at EL0 (i.e. for userspace). Choosing this option will cause the kernel to initialise secret keys for each process at exec() time, with these keys being context-switched along with the process.

If the compiler supports the -mbranch-protection or -msign-return-address flag (e.g. GCC 7 or later), then this option will also cause the kernel itself to be compiled with return address protection. In this case, and if the target hardware is known to support pointer authentication, then STACKPROTECTOR can be disabled with minimal loss of protection.

The feature is detected at runtime. If the feature is not present in hardware it will not be advertised to userspace/KVM guest nor will it be enabled.

If the feature is present on the boot CPU but not on a late CPU, then the late CPU will be parked. Also, if the boot CPU does not have address auth and the late CPU has then the late CPU will still boot but with the feature disabled. On such a system, this option should not be selected.

This feature works with FUNCTION_GRAPH_TRACER option only if DYNAMIC_FTRACE_WITH_REGS is enabled.



Raw data from LKDDb:


This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

Automatic links from Google (and ads)

Custom Search

Popular queries:

Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - A index

Automatically generated (in year 2020). See also LKDDb sources on GitLab