Bug 12363

Summary:	CONFIG_RANDOMIZE_BASE is disabled on aarch64
Product:	IPFire	Reporter:	Peter Müller <peter.mueller>
Component:	---	Assignee:	Peter Müller <peter.mueller>
Status:	CLOSED FIXED	QA Contact:	Arne.F <arne.fitzenreiter>
Severity:	Security
Priority:	Will only affect a few users	CC:	peter.mueller
Version:	2
Hardware:	unspecified
OS:	All
Bug Depends on:
Bug Blocks:	12361

Description Peter Müller 2020-04-14 15:17:42 UTC

Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Critical
>
> In support of Kernel Address Space Layout Randomization (KASLR) this randomizes
> the physical address at which the kernel image is decompressed and the virtual
> address where the kernel image is mapped as a security feature that deters
> exploit attempts relying on knowledge of the location of kernel code internals.

IMHO this is safe to be enabled on any architecture.

Comment 1 Peter Müller 2020-06-07 16:49:58 UTC

Patch for aarch64: https://patchwork.ipfire.org/patch/3162/

Comment 2 Peter Müller 2020-06-07 16:50:41 UTC

@Arne: Since I am not sure on whether enabling this on armv5tel, I would like to assign this bug to you.

Comment 3 Peter Müller 2020-06-09 17:20:11 UTC

Patch for armv5tel: https://patchwork.ipfire.org/patch/3172/

Comment 4 Arne.F 2020-06-10 06:45:18 UTC

build fails on aarch64!

https://nightly.ipfire.org/next/2020-06-09%2022:20:26%20+0000-e694bbd1/aarch64/

Comment 5 Peter MÃ¼ller 2022-08-02 09:57:46 UTC

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=7caecf45fbaab7f681d0aa3d5ea87ca660ff4f3d

Comment 6 Arne.F 2022-08-02 15:45:43 UTC

Short test on an RPi3 works now.

Comment 7 Peter MÃ¼ller 2022-08-15 19:17:29 UTC

https://blog.ipfire.org/post/ipfire-2-27-core-update-170-is-available-for-testing

Comment 8 Peter MÃ¼ller 2022-09-16 09:23:26 UTC

https://blog.ipfire.org/post/ipfire-2-27-core-update-170-released