On Mon, Feb 06, 2023 at 01:49:38PM +0100, Ard Biesheuvel wrote: > UEFI v2.10 extends the EFI memory attributes table with a flag that > indicates whether or not all RuntimeServicesCode regions were > constructed with ENDBR landing pads, permitting the OS to map these > regions with IBT restrictions enabled. > > So let's take this into account on x86 as well. > > Suggested-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx> # ibt_save() changes > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> Looks about right; would be lovely if someone with a fresh enough firmware image could actually test this though.. Acked-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
