
enable Intel CET

Open Andarwinux opened this issue 1 year ago • 2 comments

Description of the new feature/enhancement

Compile Windows Terminal with /guard:ehcont and link with /guard:ehcont /cetcompat

Proposed technical implementation details (optional)

Andarwinux avatar Aug 22 '24 15:08 Andarwinux

These flags are used by default for other system binaries (including inbox conhost). It may be worth checking how much these flags cost us in performance and/or binary size and to enable them.

lhecker avatar Aug 22 '24 16:08 lhecker

For what it's worth, we're building with the security configuration baseline established by Windows Undocked. The build system we're using enforces that baseline and does not seem to be signaling us as out-of-compliance.

DHowett avatar Aug 22 '24 16:08 DHowett

I can't test ehcont, but cetcompat seems to be fine. I forced hardware-enforced stack protection for Windows Terminal via WD on tigerlake and znver4 and didn't notice any performance impact.

Andarwinux avatar Aug 30 '24 04:08 Andarwinux
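One way to check whether a built binary was actually linked with /cetcompat, added here as an example and not taken from the thread or the Windows Terminal project: the linker records the flag as the CET-compatible bit in the PE debug directory entry of type IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS. The names `is_cet_compat` and `build_sample` are hypothetical, the sample image is constructed for the demonstration, and /guard:ehcont is not covered.

```python
import struct

IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS = 20
IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT = 0x0001

def is_cet_compat(pe: bytes) -> bool:
    """True if the image carries the CET-compatible bit set by /CETCOMPAT."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)          # PE32+ vs PE32
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= 6:    # NumberOfRvaAndSizes
        return False
    dbg_rva, dbg_size = struct.unpack_from("<II", pe, dirs + 6 * 8)
    # Map the debug directory RVA to a file offset through the section table.
    sect = opt + opt_size
    for i in range(nsect):
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", pe, sect + 40 * i + 8)
        if va <= dbg_rva < va + max(vsize, rsize):
            dbg_off = dbg_rva - va + rptr
            break
    else:
        return False                                      # no debug directory
    # Walk the 28-byte IMAGE_DEBUG_DIRECTORY entries.
    for off in range(dbg_off, dbg_off + dbg_size - 27, 28):
        dtype, dsize, _, dptr = struct.unpack_from("<IIII", pe, off + 12)
        if dtype == IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS and dsize >= 4:
            flags = struct.unpack_from("<I", pe, dptr)[0]
            return bool(flags & IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT)
    return False

def build_sample(ex_flags: int) -> bytes:
    """Constructed PE32+ skeleton (not loadable) with one debug entry."""
    img, opt = bytearray(0x400), 0x58
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xH", img, 0x44, 0x8664, 1, 240)   # 1 section
    struct.pack_into("<H", img, opt, 0x20B)
    struct.pack_into("<I", img, opt + 108, 16)
    struct.pack_into("<II", img, opt + 112 + 6 * 8, 0x1000, 28)
    struct.pack_into("<8sIIII", img, opt + 240, b".rdata", 0x100, 0x1000, 0x200, 0x200)
    struct.pack_into("<IIII", img, 0x200 + 12, 20, 4, 0x1020, 0x220)
    struct.pack_into("<I", img, 0x220, ex_flags)
    return bytes(img)
```

To check a real build, pass the file's bytes, for example `is_cet_compat(open(path, "rb").read())`.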