Intel Tiger Lake Mobile CPUs Getting CET Security Feature To Block Multi-Point Malware

Intel’s upcoming next-gen Tiger Lake mobile CPUs will ship with Control-flow Enforcement Technology (CET). Rather than recognising individual malware families, the feature targets a whole class of attacks: it governs the order in which a program’s instructions may execute on the CPU and stops exploit code from hijacking that order to run in the context of a legitimate application.

Intel CPUs have regularly been found to contain security vulnerabilities. Although the company has issued patches to mitigate the risk, most of those fixes have cost some performance. With CET, Intel is moving proactively: the upcoming Tiger Lake CPUs, built on the company’s 10nm node, will include the feature in hardware to stop attacks before they gain a foothold. The technology itself is about four years old.

How Will CET Protect Intel Tiger Lake Mobility CPUs And PCs?

Control-flow Enforcement Technology, or CET, deals with “control flow,” the order in which a program’s instructions execute on the CPU. Exploits commonly hunt for a memory-corruption bug in a legitimate application and use it to hijack that application’s control flow. Once they have it, the attacker’s chosen instructions run with the privileges and context of the compromised app, often without injecting any new code at all, by stringing together pieces of code already present in memory.

Intel’s next-gen Tiger Lake mobile CPUs will rely on CET to protect the control flow via two new hardware mechanisms: Shadow Stack and Indirect Branch Tracking. The shadow stack holds a second copy of every return address: when a CALL executes, the CPU pushes the return address onto the normal stack and also onto the shadow stack, which lives in a separate region of memory that ordinary loads and stores cannot modify. On RET the CPU compares the two copies; if they differ, execution halts with a control-protection fault instead of jumping to the address an attacker planted.

Indirect Branch Tracking adds a check on indirect jumps and calls, the instructions through which an application reaches targets computed at runtime, such as entries in “jump tables” or function pointers. Under IBT, every legitimate target of an indirect branch must begin with a new ENDBRANCH marker instruction; an indirect JMP or CALL that lands anywhere else triggers a fault.

Shadow Stack shields computers against a widely used technique called Return Oriented Programming (ROP). In ROP the attacker overwrites saved return addresses so that successive RET instructions jump through short snippets of the application’s own code (“gadgets”), chaining them to do the attacker’s work without injecting new code. Because the shadow stack’s copy of each return address cannot be overwritten, the first corrupted RET is caught. Indirect Branch Tracking, for its part, protects against the related Jump Oriented Programming (JOP) and Call Oriented Programming (COP) techniques, in which the attacker abuses indirect JMP or CALL instructions to redirect execution to gadgets that are not legitimate branch targets.
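The two checks described above, as an added illustration that is not part of the original article and is not Intel’s own code: a small C model of a CPU that keeps a shadow stack and enforces IBT. The ENDBR64 encoding (F3 0F 1E FA) is the real one; the return addresses, the gadget address and the sample code bytes are constructed for the example, and the fault is reported as a flag rather than delivered as a hardware exception.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STACK_SLOTS 16

/* Emulated CPU state. The ordinary stack lives in writable memory that a
 * buffer overflow can reach; the shadow stack models CET's separate,
 * hardware-protected region that only CALL/RET touch. (Constructed model.) */
typedef struct {
    uint64_t stack[STACK_SLOTS];
    size_t   sp;
    uint64_t shadow[STACK_SLOTS];
    size_t   ssp;
    int      cp_fault;   /* 1 once a #CP (control-protection) fault has fired */
} cet_cpu;

/* CALL: push the return address on both stacks. */
static void cet_call(cet_cpu *cpu, uint64_t return_addr) {
    cpu->stack[cpu->sp++]   = return_addr;
    cpu->shadow[cpu->ssp++] = return_addr;
}

/* RET: pop both copies and compare. A mismatch is exactly what a ROP chain
 * produces, because the attacker could only overwrite the ordinary stack. */
static uint64_t cet_ret(cet_cpu *cpu) {
    uint64_t from_stack  = cpu->stack[--cpu->sp];
    uint64_t from_shadow = cpu->shadow[--cpu->ssp];
    if (from_stack != from_shadow) {
        cpu->cp_fault = 1;       /* real hardware raises #CP here */
    }
    return from_shadow;
}

/* Scenario 1: a legitimate call/return pair. Returns 1 if no fault fired
 * and control returned to the saved address. */
int shadow_stack_legit_return(void) {
    cet_cpu cpu = {0};
    cet_call(&cpu, 0x401234);            /* constructed return address */
    uint64_t target = cet_ret(&cpu);
    return cpu.cp_fault == 0 && target == 0x401234;
}

/* Scenario 2: after CALL, an overflow overwrites the saved return address on
 * the ordinary stack with a gadget address. Returns 1 if the shadow stack
 * caught the mismatch on RET. */
int shadow_stack_blocks_rop(void) {
    cet_cpu cpu = {0};
    cet_call(&cpu, 0x401234);
    cpu.stack[cpu.sp - 1] = 0x40abcd;    /* attacker-controlled gadget address */
    (void)cet_ret(&cpu);
    return cpu.cp_fault == 1;
}

/* ENDBR64 is F3 0F 1E FA; on CPUs without CET it executes as a NOP, so a
 * compiler can emit it at every legitimate indirect-branch target. */
static const uint8_t ENDBR64[4] = {0xF3, 0x0F, 0x1E, 0xFA};

/* Indirect JMP/CALL under IBT: the target must start with ENDBR64.
 * Returns 1 if the branch is allowed, 0 if hardware would raise #CP. */
int ibt_indirect_branch(const uint8_t *code, size_t code_len, size_t target) {
    if (target > code_len || code_len - target < sizeof ENDBR64) return 0;
    return memcmp(code + target, ENDBR64, sizeof ENDBR64) == 0;
}

/* Constructed code bytes (not from any real binary): a function that begins
 * with ENDBR64 at offset 0 and contains a "pop rdi; ret" gadget at offset 7. */
static const uint8_t sample_code[] = {
    0xF3, 0x0F, 0x1E, 0xFA,   /* 0: endbr64          (valid entry point)   */
    0x48, 0x89, 0xF8,         /* 4: mov rax, rdi                           */
    0x5F,                     /* 7: pop rdi          (JOP/COP gadget)      */
    0xC3,                     /* 8: ret                                    */
};

int ibt_allows_function_entry(void) {
    return ibt_indirect_branch(sample_code, sizeof sample_code, 0);
}

int ibt_blocks_gadget(void) {
    return ibt_indirect_branch(sample_code, sizeof sample_code, 7) == 0;
}

int main(void) {
    printf("legit return ok: %d\n", shadow_stack_legit_return());
    printf("ROP caught:      %d\n", shadow_stack_blocks_rop());
    printf("entry allowed:   %d\n", ibt_allows_function_entry());
    printf("gadget blocked:  %d\n", ibt_blocks_gadget());
    return 0;
}
```

The model makes the division of labour visible: the shadow stack only ever sees return addresses written by CALL, so the overflow in the second scenario cannot reach it, while IBT does not care how the branch target was computed, only whether the bytes at that target are the marker the compiler placed at a real entry point.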

Developers Have Had Ample Time To Adapt Their Software And Adopt CET, Claims Intel:

Intel first published the CET specification back in 2016, so software makers have had time to adjust their code ahead of the first series of Intel CPUs that will support it, the company says. Now Intel needs to ship CPUs that support the CET instructions. Operating systems, platforms and individual applications can then enable support and opt in to the protection CET provides; the hardware alone does not protect software that has not been built and enabled for it.

Intel has chosen the 10nm Tiger Lake, the CPU maker’s first major microarchitecture evolution in a long time, to debut the hardware-based malware protection feature. The company says the technology will also come to desktop and server platforms.


Alap Naik Desai

A B.Tech Plastics (UDCT) and a Windows enthusiast. Optimizing the OS, exploring software, searching and deploying solutions to strange and weird issues is Alap's main interest.