Open Bug 1626950 (cet) Opened 4 years ago Updated 6 months ago

[meta] Investigating support Intel CET features

Categories

(Firefox Build System :: General, enhancement, P3)

enhancement

Tracking

(Not tracked)

People

(Reporter: tcampbell, Unassigned)

References

(Depends on 3 open bugs)

Details

(Keywords: meta)

Control-flow Enforcement Technology (CET) is an upcoming feature in Intel processors where there are is hardware assistance for control-flow integrity security hardening. This meta-bug tracks some of the technical changes that would be needed in Firefox.

CET primarily has two technologies:

  • Shadow Stack (SHSTK): A hardware shadow stack of return addresses to try and prevent Return-Oriented-Programming attacks.
  • Indirect Branch Tracking (IBT): A hardware-assisted validation of indirect call/jmp targets. This serves a similar need to CFG and CFI approaches which are software only.

With most of these control-flow integrity approaches, special support in our JavaScript JITs will be required.

NOTE: Different platforms may choose different combinations of SHSTK / IBT / CFG / CFI.
NOTE: The hardware for this is not currently generally available yet.

Depends on: 1626952
Depends on: 1626954
Alias: cet
Priority: -- → P3
Depends on: 1626955
Severity: normal → S3
Depends on: 1689398
Depends on: 1722326
Depends on: 1724195
Depends on: 1727742, 1727739
No longer depends on: 1722326, 1724195
Depends on: 1834740
Depends on: 1834741
You need to log in before you can comment on or make changes to this bug.