Arm processors provide two security features called Pointer Authentication (PAC) and Branch Target Identification (BTI). They are designed to mitigate Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) security exploits respectively. Enabling features such as PAC and BTI in a Linux distribution entails modifications all across the board, from the Kernel to the C library and compiler. Further, all packages need to be rebuilt with a specific compiler flag in order for the features to be enabled.

This talk presents the integration work done so far in Debian, how we are monitoring enablement progress, and the tasks ahead.