On Mon, Jul 14, 2025 at 12:45 PM Peter Zijlstra <[email protected]> wrote:
>
> Apparently some Rust 'core' code violates this and explodes when ran
> with FineIBT.
I think this was fixed in Rust 1.88 (latest version), right? Or is
there an issue still?
5595c31c3709 ("x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST
or Rust >= 1.88")
> - runtime EFI is especially henous because it also needs to disable
> IBT. Basically calling unknown code without CFI protection at
> runtime is a massice security issue.
heinous
massive
Cheers,
Miguel
