HardenedBSD 12 Released With Jailed Bhyve, Disables SMT By Default
While FreeBSD tends to be pretty good about security by default, the HardenedBSD downstream derivative is out with their latest release based upon FreeBSD 12.
In addition to re-basing against upstream FreeBSD 12.0-RELEASE, the inaugural stable release of HardenedBSD 12 adds Non-Cross-DSO CFI, introduces support for jailed Bhyve virtualization, adds per-jail toggles for unprivileged process debugging, enables Spectre V2 mitigation with Retpolines by default, disables SMT/HT by default, and makes greater use of the LLVM compiler toolchain components. To increase performance, its applications are now built with link-time optimizations (LTO).
HardenedBSD 12 disabling SMT by default follows OpenBSD's move to disable simultaneous multi-threading in the name of security. Should you want to re-enable SMT to restore performance, it can still be toggled via machdep.hyperthreading.
More details on HardenedBSD 12.0 via HardenedBSD.org.