]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit
projects / people / pmueller / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6726107) | patch
linux: Give CONFIG_RANDOMIZE_BASE on aarch64 another try
authorPeter Müller <peter.mueller@ipfire.org>
Mon, 11 Jul 2022 15:07:22 +0000 (15:07 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Mon, 1 Aug 2022 10:20:20 +0000 (10:20 +0000)
commit7caecf45fbaab7f681d0aa3d5ea87ca660ff4f3d
tree325d58ccc22843beca0887746d2635aba1565729tree | snapshot
parent67261075a370b0baa62a25d11ba2773569020785commit | diff
linux: Give CONFIG_RANDOMIZE_BASE on aarch64 another try

Quoted from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Critical
>
> In support of Kernel Address Space Layout Randomization (KASLR) this randomizes
> the physical address at which the kernel image is decompressed and the virtual
> address where the kernel image is mapped as a security feature that deters
> exploit attempts relying on knowledge of the location of kernel code internals.

We tried to enable this back in 2020, and failed. Since then, things
may have been improved, so let's give this low-hanging fruit another
try.

Fixes: #12363
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
config/kernel/kernel.config.aarch64-ipfire diff | blob | blame | history
config/rootfiles/common/aarch64/linux diff | blob | blame | history
Peter's tree of IPFire 2.x