What’s next for hardware-level security features?
Seems like there's been a lot of hardware-enabled security features released for x64 in the last few years. MPX (albeit that's since been deprecated), MBEC, CET with indirect branch control and shadow stacks, VT-rp, SMEP/SMAP, Intel TDT to (supposedly) help EDR detect malware, etc. Combined with the old school features like DEP, TPMs for measured boot, and software-based security features the coverage of such protections seems pretty comprehensive.
Given the scarcity of information about Intel's roadmap past Arrow/Nova lake for desktops and Granite Rapids for servers, I can't find any information about the next great set of instructions Intel will introduce to protect users from opening macro-enabled Excel spreadsheets being exploited by APTs popping zero days against the Windows kernel to drop fileless polymorphic high-stealth rootkits.
Obviously the macro enabled Excel spreadsheets are far more common than the super-duper zero day exploits a lot of those hardware features are designed to harden software against, but I find the whole concept of devoting valuable silicon to CPU instructions designed to enforce ever stricter concepts of program correctness interesting, so since Intel doesn't officially have many new security features publicly in the pipe, what's some speculation about the next couple of instruction-level features that could be added to x86 to harden the kernel and applications?
