On Thu, 21 Aug 2025 at 16:48:35 +0200, Marcos Del Sol Vives wrote:
> Would it be acceptable to, rather than disable it entirely as previously
> proposed, enable CET only when compiling for IA64 (amd64), but not for any
> other architecture?

I think you are mixing up IA64 (Intel Itanium), a non-x86 instruction
set from Intel, with amd64/x86_64 (also known as EM64T or Intel 64), a
64-bit expansion of the x86 instruction set. They are not the same
thing, even though x86 is also referred to as IA32: you might reasonably
expect that the 64-bit expansion/replacement of IA32 would be called
IA64, but because of how Intel have chosen to name their products, that
is not actually true. (I agree that this naming is extremely confusing.)

Typical 64-bit "PC" laptops/desktops/servers are x86_64 machines that
can (hopefully) run Debian's amd64 architecture, regardless of whether
their CPU was manufactured by Intel, AMD or someone else.

If you want to get security-sensitive changes merged for the benefit of
these architectures, it will probably go better if you are clear about
which architecture you are talking about!

(Another relevant source of confusion is that 32-bit x86 is not the same
thing as x32.)

    smcv