I'm making a test build of #HardenedBSD 12-CURRENT/arm64 for the #RPI3 that has CFI enabled. Would anyone be interested in it?
@SuperFloppies I don't _need_ testing done by others, but if peeps are willing to help test, I'd love the help.
I don't have a checklist right now. Perhaps building some ports on the RPI3 would help.
@lattera Does the hardened system do any Linux syscall emu or is that still a no-go?
@SuperFloppies We've never removed the linuxulator in #HardenedBSD. :)
That said, #FreeBSD only recently started landing commits to get the linuxulator working on arm64.
@lattera Oh, I thought I recalled something about the hardened work causing the syscall emulation to be unsupported for some reason.
Will check it out tonight if it is linked.
@SuperFloppies The VDSO as currently implemented in the #FreeBSD linuxulator doesn't like ASLR applied to it. It's implemented in such a way that making it ASLR-safe would take a non-trivial amount of work.
So, you have to use secadm to disable ASLR on the linux application.
I'm disinterested in supporting the linuxulator, so patches to add that support would need to come from the community.
@lattera I’m awaiting your PINE64 port …
@cynicalsecurity I'll run a custom build just for you tonight. :)
Since I don't have a #Pine64, I'll want a report back if it works.
@lattera don’t, please, I’m moving my PINE64 stuff and won’t have time for another week at least :(
@cynicalsecurity Haha, okay. Lemme know when you'd like me to do it and I'd be happy to.
@lattera Do you need testing performed? Have a checklist?