OpenBSD: Mandatory enforcement of indirect branch targets

Theo de Raadt has updated the innovations.html page to describe the implementation of indirect branch target restriction on the amd64 and arm64 platforms. The work enforces arm64 BTI and Intel IBT in both the kernels and the userland binaries of OpenBSD. OpenBSD's approach differs from Linux's: OpenBSD makes IBT/BTI enforcement mandatory by default, with the option to opt out for specific binaries. Linux, in contrast, continues to use a design similar to its executable-stack mechanism, which can lead to unsafe execution of programs. Linux binaries without IBT/BTI enforcement are expected to still exist, and to work unsafely, in the future.

https://undeadly.org/cgi?action=article;sid=20230714121907
