share/mk: Enable BRANCH_PROTECTION by default
AcceptedPublic
Actions

Authored by andrew on Mon, Jan 20, 1:02 PM.

Details

Reviewers

Group Reviewers

Summary

This enables Pointer Authentication (PAC) and Branch Target
Identification (BTI) on arm64. These are architecture features that
the compiler can use to help mitigate JOP and ROP attacks.

A rebuild of world with -WITH_CLEAN is suggested as the compilation
of all files may be affected.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 61802
Build 58686: arc lint + arc unit

Event Timeline

andrew created this revision.Mon, Jan 20, 1:02 PM

Herald added subscribers: imp, bdrewery. · View Herald TranscriptMon, Jan 20, 1:02 PM

andrew requested review of this revision.Mon, Jan 20, 1:02 PM

Harbormaster completed remote builds in B61802: Diff 149536.Mon, Jan 20, 1:02 PM

It's probably worth posting the UPDATING text to -CURRENT as well to help make sure this gets noticed.

This revision is now accepted and ready to land.Mon, Jan 20, 1:30 PM

Revision Contents
Changeset List

Path

Size

UPDATING

6 lines

share/

man/

man5/

src.conf.5

mk/

bsd.opts.mk

2 lines

Diff 149536

View Options

UPDATING

View Options

share/man/man5/src.conf.5

View Options

share/mk: Enable BRANCH_PROTECTION by defaultAcceptedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 149536

UPDATING

share/man/man5/src.conf.5

share/mk/bsd.opts.mk

share/mk: Enable BRANCH_PROTECTION by default
AcceptedPublic
Actions

Revision Contents
Changeset List