Hi! > > > > + help > > > > + Indirect Branch Tracking (IBT) provides protection against > > > > + CALL-/JMP-oriented programming attacks. It is active when > > > > + the kernel has this feature enabled, and the processor and > > > > + the application support it. When this feature is enabled, > > > > + legacy non-IBT applications continue to work, but without > > > > + IBT protection. > > > > + > > > > + If unsure, say y > > > > > > If unsure, say y. > > > > Actually, it would be "If unsure, say Y.", to be consistent with the > > rest of the Kconfig. > > > > But I wonder if Yes by default is good idea. Only very new CPUs will > > support this, right? Are they even available at the market? Should the > > help text say "if your CPU is Whatever Lake or newer, ...." :-) ? > > > > CET enabled kernel runs on all x86-64 processors. All my machines > are running the same CET enabled kernel binary. I believe that. But enabling CET in kernel is useless on Core 2 Duo machine, right? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: PGP signature