fcf-protection, Qcf-protection
Enables Intel® Control-Flow Enforcement Technology (Intel® CET) protection, which defends your program from certain attacks that exploit vulnerabilities. This option offers preliminary support for Intel® CET.
Syntax
Linux: -fcf-protection[=keyword]
macOS: None
Windows: /Qcf-protection[:keyword]
Arguments
keyword
Specifies the level of protection the compiler should perform. Possible values are:
Default
-fcf-protection=none or /Qcf-protection:none
No Control-flow Enforcement protection is performed.
Description
This option enables Intel® CET protection, which defends your program from certain attacks that exploit vulnerabilities.
Intel® CET protections are enforced on processors that support Intel® CET. They are ignored on processors that do not support Intel® CET, so they are safe to use in programs that might run on a variety of processors.
Shadow stack protection helps to protect your program from return-oriented programming (ROP). ROP is an exploitation technique that gets around security defenses such as non-executable memory and code signing: the attacker gains control of the call stack to modify program control flow and then executes certain machine instruction sequences.
Endbranch (EB) generation helps to protect your program from call/jump-oriented programming (COP/JOP). Jump-oriented programming (JOP) is a variant of ROP that uses indirect jumps and calls to emulate return instructions. Call-oriented programming (COP) is a variant of ROP that employs indirect calls.
This option only applies to host compilation. When offloading is enabled, it does not impact device-specific compilation. Offloading can only be enabled when using ifx.
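An added example (not from Intel's documentation): a check that a linked Linux binary actually carries the shadow stack and endbranch markers described above. It assumes the toolchain records them in the x86-64 psABI GNU property note (GNU_PROPERTY_X86_FEATURE_1_AND, bits IBT and SHSTK) inside a PT_GNU_PROPERTY segment, as GCC, Clang and GNU ld do; the function names and the sample image are constructed for this illustration.

```python
import struct

PT_GNU_PROPERTY = 0x6474E553             # segment holding .note.gnu.property
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_BITS = {0x1: "IBT", 0x2: "SHSTK"}  # endbranch tracking, shadow stack

def parse_property_note(note: bytes) -> set:
    """Decode one ELF64 GNU property note and return the CET features it names."""
    namesz, descsz, ntype = struct.unpack_from("<III", note, 0)
    if ntype != NT_GNU_PROPERTY_TYPE_0 or note[12:12 + namesz] != b"GNU\0":
        return set()
    pos = (12 + namesz + 7) & ~7           # descriptor starts 8-byte aligned
    end, found = pos + descsz, set()
    while pos + 8 <= end:
        pr_type, pr_datasz = struct.unpack_from("<II", note, pos)
        if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz >= 4:
            (bits,) = struct.unpack_from("<I", note, pos + 8)
            found |= {name for bit, name in FEATURE_BITS.items() if bits & bit}
        pos += 8 + ((pr_datasz + 7) & ~7)  # each property is padded to 8 bytes
    return found

def cet_features(elf: bytes) -> set:
    """Find PT_GNU_PROPERTY in a linked little-endian ELF64 image and decode it."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, _flags, p_offset = struct.unpack_from("<IIQ", elf, base)
        (p_filesz,) = struct.unpack_from("<Q", elf, base + 0x20)
        if p_type == PT_GNU_PROPERTY:
            return parse_property_note(elf[p_offset:p_offset + p_filesz])
    return set()                           # no CET marker present

def sample_elf(bits: int) -> bytes:
    """Constructed input: ELF64 header + one PT_GNU_PROPERTY phdr + one note."""
    prop = struct.pack("<III4x", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits)
    note = struct.pack("<III4s", 4, len(prop), NT_GNU_PROPERTY_TYPE_0, b"GNU\0") + prop
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_PROPERTY, 4, 120, 120, 120,
                       len(note), len(note), 8)
    return ehdr + phdr + note

if __name__ == "__main__":
    for bits in (0x3, 0x2, 0x0):           # both, shadow stack only, neither
        print(hex(bits), sorted(cet_features(sample_elf(bits))))
```

The property is an AND across all linked inputs, so a single object or library built without the option clears the bit for the whole output. Run the check on the final executable or shared library rather than on individual objects.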
IDE Equivalent
Alternate Options
Linux and macOS: -qcf-protection
Windows: None