I saw in the Xen 4.14 release notes that Xen now supports hardware based Control-flow Enforcement Technology (CET) which has been introduced into Intels Tiger Lake and AMDs Zen3 CPUs. Does Qubes support this as well? And does Xen also have a softwarebased CFI? Does Xen also support ASLR now? Some years ago I read a post from Qubes saying that Xen didn’t have many exploit migitations and didn’t even support ASLR.
This question may get more traction on the qubes-devel mailing list.
I got a reply on the mailing list, for those interested: