So why isn't this compiler properly generating code that works with CET like it
should?

1.  Software issues

Sadly, the totally undocumented gold linker that every says we ought to use
lags far, far behind the bfd linker those same fools says is obsolete.  The
maintained, documented bfd linker includes man pages and an info file, and is
already ready for Intel's CET.

However, the highly-touted but essentially unmaintained gold linker does not
accept '-z shstk' or '-z ibt'.  Since there is no man page or info file, and in
fact no meaningful, current documentation for it exists at all, I don't know if
that is intentional or not and probably I never will know.  The few documents
that mention gold say it takes the same options as the bfd ld linker.  Uh, no,
not really.

I do know that while I can include that stuff in my assembly, and it leaves it
in (I checked with readelf and objdump on the object file), the gold linker
strips the out the '.note.gnu.property' section.  The ld linker also strips it
out, but provides the '-z ibt' and '-z shstk' options to set the necessary
property flags to enable the shadow stack and branch tracking.

2.  Hardware issues

I'm still supporting a Haswell CPU, so even if I use the bfd linker and added
all the endbr64 statements, I cannot test this.  Nobody I know owns a machine
new enough to actually support CET, and at work, my Haswell is considered one
of the new machines (and yeah, it's July in 2021 as I type this).

3.  Documentation issues

I haven't been able to find out one way or the other whether the Ryzen CPUs
support CET (or some other alternative) in hardware.  Everybody is saying CET
is great, but I haven't found any non-trivial, useful examples.  The people who
know aren't talking, probably trying to guarantee their job security during
these troubled, virus-infected times.  Or maybe there just aren't any CPUs with
CET actually shipping yet?  I just don't know.  And the so-called CPU reviews
on the web never tell you what you need to know (which vulnerabilities were
fixed and which remain, and the output of something like a modern copy of
cpuinfo that shows the processor flags).
