* Yu-cheng Yu: > +ENDBR > + The compiler inserts an ENDBR at all valid branch targets. Any > + CALL/JMP to a target without an ENDBR triggers a control > + protection fault.
Is this really correct? I think ENDBR is needed only for indirect branch targets where the jump/call does not have a NOTRACK prefix. In general, for security hardening, it seems best to minimize the number of ENDBR instructions, and use NOTRACK for indirect jumps which derive the branch target address from information that cannot be modified. Thanks, Florian