-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, Mar 02, 2021 at 11:17:54AM -0800, Scumbag wrote:
>
> I asked this before on Qubes
> forum(
https://qubes-os.discourse.group/t/xen-exploit-migitations/2469), but
> there were no replies so I'm hoping I'll get replies here:
>
> I saw in the Xen 4.14 release notes that Xen now supports hardware based
> Control-flow Enforcement Technology (CET) which has been introduced into
> Intels Tiger Lake and AMDs Zen3 CPUs.
> - Does Qubes support this as well?
Yes, we do have this enabled in Qubes 4.1.
> - And does Xen also have a softwarebased CFI?
Not that I'm aware of.
> - Does Xen also support ASLR now? Some years ago I read a post from Qubes
> saying that Xen didn’t have many exploit migitations and didn’t even
> support ASLR.
Indeed Xen doesn't have ASLR and won't have anytime soon (PV must die
first, at the very least). But it does use some other mitigations like
SMAP/SMEP. And also some of the more complex parts like instruction
emulator are integrated with fuzzy testing.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmA/Bt4ACgkQ24/THMrX
1yye8AgAgO7t/Sr4IbK7zD40T9ArO/cesRkgwnRM36pD4NQDXaW8UvMENJt+6yK2
HrEVOelnH9po5NF7vPf6od2wf1ndIWCouNKRIq4qeQ1DwaiaUqbL6GLKYkBOjEPg
1qSoHCg2UAMYg6lxrqM6pHneeTAUCnlYY15SdNv6aEJeP+ufjbpZD8HK4fA+W80S
TRvhMmoK1i2Cf5rsKDgiNiPjm5tZCsvcVwwPaKBvLSyEIceYoBstJQ9mfhlBR+dp
N5LtDFt7LZYaVHwrNClvOr1oHFgaPuLQDQeOs2bVM/vdrgTMUZQO72m4Gkm2+hi3
MZ6PTdX/OsrEHK47g3lTxmF4zwAsCA==
=7enJ
-----END PGP SIGNATURE-----