Hi Martin, (port-amd64@)
Oh RDRAND and RDSEED are supported by prekern, but I suppose the emulation in my QEMU instance did not. After a brief check on Wikipedia (https://en.wikipedia.org/wiki/RDRAND) it looks like not every amd64 CPU can be expected to support either of these instructions (Intel from 3rd-gen Core on, AMD from June 2015 on) and there are errata too, including in GCC (https://www.cryptopp.com/wiki/RDRAND_and_RDSEED, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180).
The prekern requires no interaction, so unless it fails, there is no issue there. I have a number of VMs running on serial consoles with GENERIC_KASLR, without any trouble. It works in virtual framebuffers too if necessary and available (e.g. VNC on Xen).
This I do not know, and it would make the setup easier and safer for sure. From what I can tell, the bootloader could easily detect KASLR kernels through the ELF flags: netbsd-GENERIC: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, for NetBSD 9.1, not stripped netbsd-GENERIC_KASLR: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), for NetBSD 9.1, not stripped
--
khorben
|
Attachment:
signature.asc
Description: Message signed with OpenPGP