Xen exploit mitigations


Scumbag

Mar 2, 2021, 2:17:55 PM
to qubes-devel

I asked this before on Qubes forum (https://qubes-os.discourse.group/t/xen-exploit-migitations/2469), but there were no replies so I'm hoping I'll get replies here:

I saw in the Xen 4.14 release notes that Xen now supports hardware-based Control-flow Enforcement Technology (CET) which has been introduced into Intel's Tiger Lake and AMD's Zen3 CPUs.
- Does Qubes support this as well?
- And does Xen also have a software-based CFI?
- Does Xen also support ASLR now? Some years ago I read a post from Qubes saying that Xen didn’t have many exploit mitigations and didn’t even support ASLR.

Marek Marczykowski-Górecki

Mar 2, 2021, 10:47:51 PM
to Scumbag, qubes-devel

On Tue, Mar 02, 2021 at 11:17:54AM -0800, Scumbag wrote:
>
> I asked this before on Qubes
> forum (https://qubes-os.discourse.group/t/xen-exploit-migitations/2469), but
> there were no replies so I'm hoping I'll get replies here:
>
> I saw in the Xen 4.14 release notes that Xen now supports hardware-based
> Control-flow Enforcement Technology (CET) which has been introduced into
> Intel's Tiger Lake and AMD's Zen3 CPUs.
> - Does Qubes support this as well?

Yes, we do have this enabled in Qubes 4.1.

> - And does Xen also have a software-based CFI?

Not that I'm aware of.

> - Does Xen also support ASLR now? Some years ago I read a post from Qubes
> saying that Xen didn’t have many exploit mitigations and didn’t even
> support ASLR.

Indeed Xen doesn't have ASLR and won't have anytime soon (PV must die
first, at the very least). But it does use some other mitigations like
SMAP/SMEP. And also some of the more complex parts like instruction
emulator are integrated with fuzzy testing.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Scumbag

Mar 3, 2021, 1:42:27 PM
to qubes-devel


On Wednesday, March 3, 2021 at 04:47:51 UTC+1, marm...@invisiblethingslab.com wrote:
Thank you for explaining Marek!