This basically means that binaries compiled with `-msign-return-address` will be unable to run on older ARM processors, I guess?
With SSEx, AVX, VT-d and friends programs could do feature detection on the fly and e.g. switch to software implementations of the algorithms, but I don't see a way to rewrite all function prologues to remove the `AUT` instruction?
Mark Rutland pointed out in the comments that the `PAC` and `AUT` instructions GCC picks to do the authentication are treated as NOPs on older processors.
That's pretty cool, but it seems to me that mixing in the stack pointer just means adding more code to function epilogues & prologues, while not buying much in the way of security. But no doubt I'm missing something.
The stack pointer is mixed in to the signing to act as a discriminator - it means you can't simply reuse a previously signed return pointer, you have to also have the stack frame in the same position.
As far as addition of code, you may have just been looking at the software implementation which isn't as secure as it isn't implementing an actual cryptographic signature (using a key that isn't visible from within the process)
This basically means that binaries compiled with `-msign-return-address` will be unable to run on older ARM processors, I guess?
With SSEx, AVX, VT-d and friends programs could do feature detection on the fly and e.g. switch to software implementations of the algorithms, but I don't see a way to rewrite all function prologues to remove the `AUT` instruction?
Mark Rutland pointed out in the comments that the `PAC` and `AUT` instructions GCC picks to do the authentication are treated as NOPs on older processors.
That's pretty cool, but it seems to me that mixing in the stack pointer just means adding more code to function epilogues & prologues, while not buying much in the way of security. But no doubt I'm missing something.
The stack pointer is mixed in to the signing to act as a discriminator - it means you can't simply reuse a previously signed return pointer, you have to also have the stack frame in the same position.
As far as addition of code, you may have just been looking at the software implementation which isn't as secure as it isn't implementing an actual cryptographic signature (using a key that isn't visible from within the process)