CONFIG_X86_KERNEL_IBT:

General informations

The Linux kernel configuration item CONFIG_X86_KERNEL_IBT:

• prompt:
• type: bool
• depends on: ( CONFIG_X86_64 && CONFIG_CC_HAS_IBT && CONFIG_HAVE_OBJTOOL ) && (! CONFIG_LD_IS_LLD || CONFIG_LLD_VERSION >= CONFIG_140000 )
• defined in arch/x86/Kconfig
• found in Linux kernels: 5.18–5.19, 6.0–6.8, 6.9-rc+HEAD

Help text

Build the kernel with support for Indirect Branch Tracking, a hardware support course-grain forward-edge Control Flow Integrity protection. It enforces that all indirect calls must land on an ENDBR instruction, as such, the compiler will instrument the code with them to make this happen.

In addition to building the kernel with IBT, seal all functions that are not indirect call targets, avoiding them ever becoming one.

This requires LTO like objtool runs and will slow down the build. It does significantly reduce the number of ENDBR instructions in the kernel image.

Hardware

LKDDb

Raw data from LKDDb:

• (none)

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: