-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, Mar 02, 2021 at 11:17:54AM -0800, Scumbag wrote: > > I asked this before on Qubes > forum(https://qubes-os.discourse.group/t/xen-exploit-migitations/2469), but > there were no replies so I'm hoping I'll get replies here: > > I saw in the Xen 4.14 release notes that Xen now supports hardware based > Control-flow Enforcement Technology (CET) which has been introduced into > Intels Tiger Lake and AMDs Zen3 CPUs. > - Does Qubes support this as well?
Yes, we do have this enabled in Qubes 4.1. > - And does Xen also have a softwarebased CFI? Not that I'm aware of. > - Does Xen also support ASLR now? Some years ago I read a post from Qubes > saying that Xen didn’t have many exploit migitations and didn’t even > support ASLR. Indeed Xen doesn't have ASLR and won't have anytime soon (PV must die first, at the very least). But it does use some other mitigations like SMAP/SMEP. And also some of the more complex parts like instruction emulator are integrated with fuzzy testing. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmA/Bt4ACgkQ24/THMrX 1yye8AgAgO7t/Sr4IbK7zD40T9ArO/cesRkgwnRM36pD4NQDXaW8UvMENJt+6yK2 HrEVOelnH9po5NF7vPf6od2wf1ndIWCouNKRIq4qeQ1DwaiaUqbL6GLKYkBOjEPg 1qSoHCg2UAMYg6lxrqM6pHneeTAUCnlYY15SdNv6aEJeP+ufjbpZD8HK4fA+W80S TRvhMmoK1i2Cf5rsKDgiNiPjm5tZCsvcVwwPaKBvLSyEIceYoBstJQ9mfhlBR+dp N5LtDFt7LZYaVHwrNClvOr1oHFgaPuLQDQeOs2bVM/vdrgTMUZQO72m4Gkm2+hi3 MZ6PTdX/OsrEHK47g3lTxmF4zwAsCA== =7enJ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YD8G3hWZaOgVPB%2Bg%40mail-itl.
