HardenedBSD 12 Released With Jailed Bhyve, Disables SMT By Default

Written by Michael Larabel in BSD on 19 December 2018 at 01:59 AM EST. Add A Comment
BSD
While FreeBSD tends to be pretty good about security by default, the HardenedBSD downstream derivative is out with their latest release based upon FreeBSD 12.

In addition to re-basing against upstream FreeBSD 12.0-RELEASE, the inaugural stable release of HardenedBSD 12 adds Non-Cross-DSO CFI, introduces support for jailed Bhyve virtualization, per-jail toggles for unprivileged process debugging, enables Spectre V2 mitigation with Retpolines by default, disables SMT/HT by default, makes greater use of the LLVM compiler toolchain components, and for increasing performance its applications are now built with link-time optimizations (LTO).

HardenedBSD 12 disabling SMT by default follows the move by OpenBSD of disabling symmetric multi-threading in the name of security. But should you want to enable SMT for restoring greater performance, it can still be toggled via machdep.hyperthreading.

More details on HardenedBSD 12.0 via HardenedBSD.org.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week