On Mon, Mar 16, 2020 at 2:50 PM Niels Möller <ni...@lysator.liu.se> wrote: > > ... > 2. What I tried to ask about in the message you reply to, was how to > write a test within the Nettle testsuite, to verify that enabling CET > really has effect on a test executable (on systems where it is > expected to have effect). It's not obvious to me if and how the patch > improves that.
One more time to the list this time.... For the CET patch on Linux, use objdump -d to disassemble a file built with CET. Then grep for ENDBR: count=$(objdump -d some_source.o | grep -i -c endbr) if [ "$count" -eq 0 ]; then echo "Failed to enable CET" else echo "CET is enabled" fi You need a modern Binutils that supports ENDBR and ENDBR64. There are other instructions you can search for. See https://i.blackhat.com/asia-19/Thu-March-28/bh-asia-Sun-How-to-Survive-the-Hardware-Assisted-Control-Flow-Integrity-Enforcement.pdf. For example to search for ENDBR, RDSSP and WRSSP" count=$(objdump -d some_source.o | grep -i -c -E 'endbr|rdssp|wrssp') I don't know if/how to check for CET on other platforms, like the BSDs, OS X or Solaris. I know the tools to perform the disassembly, but I don't know the other details. Also see https://stackoverflow.com/q/56120231. Jeff _______________________________________________ nettle-bugs mailing list nettle-bugs@lists.lysator.liu.se http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs