Conversation
OpenBSD's clang has retguard, created by Todd Mortimer. I don't anyone is looking to enable CFI, we also do not enable LTO by default either which I believe Clang CFI requires. I think there has been be some legitimate concerns with both LTO and CFI. I don't know the details.
1
1
LTO enables more optimizations by allowing optimizations across C translation units. You don't really have to enable those to use CFI though. It works fine without LTO optimization passes. It only needs LTO so that it has full visibility over each executable / shared object.
1
By default, LTO mode reduces the per-translation-unit optimization passes to avoid redundant work and then does a bunch of work at link-time so that it can optimize across modules. Can use LTO and change the optimization passes so that it largely just gives visibility for CFI.
1
There are other ways to do CFI than the Clang approach. Their approach maintains binary compatibility and enables introducing it gradually while working towards full coverage. It's possible to have lower overhead (not the Clang CFI bitmaps, etc) by changing ABI for calls instead.