
ARM pointer authentication (2017) - ingve
https://lwn.net/Articles/718888/
======
mschuster91
This basically means that binaries compiled with `-msign-return-address` will
be unable to run on older ARM processors, I guess?

With SSEx, AVX, VT-d and friends programs could do feature detection on the
fly and e.g. switch to software implementations of the algorithms, but I don't
see a way to rewrite all function prologues to remove the `AUT` instruction?

~~~
whitecream
Mark Rutland pointed out in the comments that the `PAC` and `AUT` instructions
GCC picks to do the authentication are treated as NOPs on older processors.

------
zeveb
That's pretty cool, but it seems to me that mixing in the stack pointer just
means adding more code to function epilogues & prologues, while not buying
much in the way of security. But no doubt I'm missing something.

~~~
olliej
The stack pointer is mixed in to the signing to act as a discriminator - it
means you can't simply reuse a previously signed return pointer, you have to
also have the stack frame in the same position.

As far as addition of code, you may have just been looking at the software
implementation, which isn't as secure as it isn't implementing an actual
cryptographic signature (using a key that isn't visible from within the
process).
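
Added example, not part of the thread and not ARM's or GCC's code: a toy C model of the replay point made in the comment above, counting how often a signed return address copied into other stack frames still authenticates, with and without the stack pointer as discriminator. Assumptions: a 48-bit address width, a splitmix64 mixer standing in for the hardware cipher, authentication failure modelled as returning 0, and the hypothetical names `toy_pac`, `toy_aut` and `replay_hits`.

```c
#include <stdint.h>
#include <stdio.h>

#define VA_BITS   48                       /* assumed virtual-address width */
#define ADDR_MASK ((1ULL << VA_BITS) - 1)  /* low bits carry the address */

/* Stand-in keyed mixer (splitmix64 finalizer); NOT the hardware cipher. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Authentication code over (address, modifier, key), kept in the upper bits. */
static uint64_t pac_bits(uint64_t addr, uint64_t mod, uint64_t key) {
    return mix(mix(addr ^ key) ^ mod) & ~ADDR_MASK;
}

/* Toy PAC: sign a pointer by filling its unused upper bits. */
uint64_t toy_pac(uint64_t ptr, uint64_t mod, uint64_t key) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | pac_bits(addr, mod, key);
}

/* Toy AUT: bare address on success, 0 on mismatch (simplified failure). */
uint64_t toy_aut(uint64_t signed_ptr, uint64_t mod, uint64_t key) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    return (signed_ptr & ~ADDR_MASK) == pac_bits(addr, mod, key) ? addr : 0;
}

/* Replay one signed return address into n other frames (16 bytes apart) and
 * count how many accept it. use_sp=0 models signing with no discriminator. */
int replay_hits(uint64_t signed_ptr, uint64_t key, uint64_t sp, int n, int use_sp) {
    int hits = 0;
    for (int i = 1; i <= n; i++) {
        uint64_t frame_sp = sp - 16ULL * (uint64_t)i;
        if (toy_aut(signed_ptr, use_sp ? frame_sp : 0, key) != 0) hits++;
    }
    return hits;
}

int main(void) {
    /* Constructed sample values. */
    uint64_t key = 0x0123456789abcdefULL, ret = 0xaaaab0001234ULL, sp = 0xffffe0001000ULL;
    printf("same frame ok: %d\n", toy_aut(toy_pac(ret, sp, key), sp, key) == ret);
    printf("replays accepted, SP mixed in: %d / 4096\n",
           replay_hits(toy_pac(ret, sp, key), key, sp, 4096, 1));
    printf("replays accepted, no discriminator: %d / 4096\n",
           replay_hits(toy_pac(ret, 0, key), key, sp, 4096, 0));
    return 0;
}
```

With the stack pointer mixed in, a replay is accepted only when the 16-bit code happens to collide; with a constant modifier, every frame accepts the reused pointer.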

