
| Msg # 281 of 1194 on ZZLI4422, Friday 9-18-25, 1:17 |
| From: FLORIAN WEIMER |
| To: ALL |
| Subj: Re: Bug#1113864: Replace -fcf-protection |
From: fw@deneb.enyo.de

* Emanuele Rocca:

> Hi,
>
> On 2025-09-06 06:50, Guillem Jover wrote:
>> Someone would need to check which shared objects are still not marked,
>> in a similar way as what Emanuele Rocca has been doing for arm64 (with
>> its PAC and BTI counterparts).
>
> On arm64, ELF files supporting what in Debian we call the "branch"
> hardening features (PAC, BTI, GCS) are marked with a special ELF note.
>
> $ readelf -n a.out | grep Properties
>       Properties: AArch64 feature: BTI, PAC, GCS
>
> The checks mentioned by Guillem are based on that note. They are
> performed daily on the whole archive, and the results are available
> here: https://people.debian.org/~ema/pac-bti/
>
> Is there a similar test that can be performed on x86 ELF files to find
> out if fcf-protection is enabled properly?

readelf -nw would print something like this:

Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000040       NT_GNU_PROPERTY_TYPE_0
      Properties: x86 feature: IBT, SHSTK
        x86 ISA needed: x86-64-baseline
        x86 feature used: x86, XMM
        x86 ISA used: x86-64-baseline

With elfutils, it's:

Note section [19] '.note.gnu.property' of 80 bytes at offset 0x5a48:
  Owner          Data size  Type
  GNU                   64  GNU_PROPERTY_TYPE_0
    X86 FEATURE_1_AND: 00000003 IBT SHSTK
    X86 0xc0008002 data: 01 00 00 00
    X86 0xc0010001 data: 09 00 00 00
    X86 0xc0010002 data: 01 00 00 00

The Intel CET features are IBT and SHSTK. The other subthread
discusses enabling SHSTK only, in which case IBT would not show up.

--- SoupGate-Win32 v1.05
 * Origin: you cannot sedate... all the things you hate (1:229/2) |
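An added example, not part of the original message: a Python decoder for the raw bytes of a .note.gnu.property section that reports which CET bits (IBT, SHSTK) are set in FEATURE_1_AND, the same information both readelf outputs above show. The function names are hypothetical, the sample bytes are constructed to match the 80-byte elfutils dump, and the caller is assumed to supply the little-endian section contents.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_BITS = {0x1: "IBT", 0x2: "SHSTK"}

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def _scan_properties(desc, align):
    """Walk the (type, datasz, data, padding) records inside one note."""
    found, p = set(), 0
    while p < len(desc):
        if p + 8 > len(desc):
            raise ValueError("truncated property header")
        pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
        data = desc[p + 8:p + 8 + pr_datasz]
        if len(data) != pr_datasz:
            raise ValueError("property overruns note")
        if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
            bits = struct.unpack("<I", data)[0]
            found |= {name for bit, name in FEATURE_BITS.items() if bits & bit}
        p = _align(p + 8 + pr_datasz, align)
    return found

def cet_features(section, align=8):
    """Return CET feature names; align is 8 for ELF64, 4 for ELF32."""
    found, off = set(), 0
    while off < len(section):
        if off + 12 > len(section):
            raise ValueError("truncated note header")
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        desc = _align(off + 12 + namesz, align)  # pad header+name together
        end = desc + descsz
        if end > len(section):
            raise ValueError("note overruns section")
        name = section[off + 12:off + 12 + namesz]
        if name == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            found |= _scan_properties(section[desc:end], align)
        off = _align(end, align)
    return found

def build_note(props):
    """Constructed sample input: one GNU note with 4-byte property values."""
    desc = b"".join(struct.pack("<III", t, 4, v) + b"\0" * 4 for t, v in props)
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc

# Constructed to mirror the elfutils dump above (FEATURE_1_AND = 00000003).
SAMPLE = build_note([(0xC0000002, 3), (0xC0008002, 1), (0xC0010001, 9), (0xC0010002, 1)])
SHSTK_ONLY = build_note([(0xC0000002, 2)])  # the SHSTK-only case from the thread
```

An empty result means no FEATURE_1_AND property was found, which is the case an archive-wide check would flag as unmarked.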