Re: [PATCH] x86/alternatives: Make FineIBT mode Kconfig selectable

From: Sami Tolvanen
Date: Wed May 01 2024 - 16:19:27 EST

Next message: Bjorn Andersson: "Re: [PATCH] firmware: qcom: uefisecapp: Allow on sc8180x Primus and Flex 5G"
Previous message: Kees Cook: "Re: [PATCH v3] batman-adv: Add flex array to struct batadv_tvlv_tt_data"
In reply to: Kees Cook: "Re: [PATCH] x86/alternatives: Make FineIBT mode Kconfig selectable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 30, 2024 at 5:02 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> Since FineIBT performs checking at the destination, it is weaker against
> attacks that can construct arbitrary executable memory contents. As such,
> some system builders want to run with FineIBT disabled by default. Allow
> the "cfi=kcfi" boot param mode to be selectable through Kconfig via the
> newly introduced CONFIG_CFI_AUTO_DEFAULT.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---

Reviewed-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>

Sami

Next message: Bjorn Andersson: "Re: [PATCH] firmware: qcom: uefisecapp: Allow on sc8180x Primus and Flex 5G"
Previous message: Kees Cook: "Re: [PATCH v3] batman-adv: Add flex array to struct batadv_tvlv_tt_data"
In reply to: Kees Cook: "Re: [PATCH] x86/alternatives: Make FineIBT mode Kconfig selectable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]