RPI/ARM64: Test firmware available for kernel address space randomization
Michael Zoran
mzoran at crowfest.net
Fri Jan 13 22:43:53 PST 2017
I just wanted to share a 64-bit development that may be of
interest to others...
A test version of the RPI firmware is available that includes
support for kernel address space randomization which is a useful
security feature. Until now, with the exception of large swap files I
don't think 64-bit has had much value add on the RPI 3.
To use it all that is required is to build the 64 bit kernel
with "CONFIG_RANDOMIZE_BASE=y" added to the kernel build config and
drop in the test version of the firmware. It works on both upstream and
downstream versions of the kernel. I've been testing it today and it
seems to be working rather well.
The topic on this feature is here and includes the location of
the test firmware:
https://github.com/raspberrypi/firmware/issues/694
If everything is working, the kernel virtual memory map that is
printed at the start of the boot log will be slightly different on each
boot. My understanding is that the firmware changes will be available
in the next github release.
Thanks.
More information about the linux-rpi-kernel
mailing list