The prekern architecture
Kernel ASLR implementation for NetBSD, with advanced security properties.
Resources
NetBSD.org: The strongest KASLR, ever?
TheRegister.co.uk: NetBSD, OpenBSD improve kernel security, randomly
Download
The prekern, plus the kernel patches required, have all been committed to the NetBSD source tree. The prekern sources can be browsed here.
Installation
Make sure you have a v5.11 bootloader installed. If you don't:
$ cd /usr/src/sys/arch/i386/stand/boot/
$ make
# cp biosboot/boot /boot
Compile and install a new dynamic kernel:
$ cd /usr/src/
$ ./build.sh kernel=GENERIC_KASLR
# cp /usr/obj/sys/arch/amd64/compile/GENERIC_KASLR/netbsd /netbsd_kaslr
Build and install the prekern:
$ cd /usr/src/sys/arch/amd64/stand/prekern
$ make
# cp prekern /prekern
Reboot your machine. In the boot prompt, enter:
> pkboot netbsd_kaslr
The system will boot with no further user interaction. Note that the prekern
uses the screen (debug), and you may see the following being temporarily
displayed before the NetBSD kernel takes control:
Finally, you can still boot a static kernel, by typing as usual:
> boot netbsd