tech-security archive


NetBSD's security features and hardening options



Hi.

When I want to harden my Linux kernel, I put this in my boot
config:

1) lockdown=confidentiality

It eliminates many methods that user space code could abuse
to escalate to kernel privileges and extract sensitive
information.

2) intel_iommu=on, or
3) amd_iommu=on

This fights against DMA attacks.

4) efi=disable_early_pci_dma

This option fixes a hole in the above IOMMU by disabling
the busmaster bit on all PCI bridges during very early boot.

5) init_on_alloc=1
6) init_on_free=1

This enables zeroing of memory during allocation and free
time which can help mitigate use-after-free vulnerabilities
and erase sensitive information in memory.

7) page_alloc.shuffle=1

This option randomizes page allocator freelists, improving
security by making page allocations less predictable. This
also improves performance.

Which __equivalents__ (absolutely direct analogies) should I
use in NetBSD's environment to get the same effect?

I'm interested in:

- lockdown=confidentiality
- intel_iommu=on
- amd_iommu=on
- init_on_alloc=1
- init_on_free=1
- page_alloc.shuffle=1

And I'm very interested in:

- efi=disable_early_pci_dma

equivalent. It disables the busmaster bit in the
control register on all PCI bridges during very
early boot.

Here is some information for consideration in the context of my question.

- https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-934.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4444f8541dad16fefd9b8807ad1451e806ef1d94
- https://mjg59.dreamwidth.org/54433.html

Thank you for your advice and good day to you.
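
An added example, not part of the original message: a POSIX shell check that a Linux kernel command line carries the options listed in the post. The function names and the sample command line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Linux kernel command line for the post's options.
# check_param, audit and SAMPLE_CMDLINE are illustrative names.

# check_param CMDLINE KEY WANT  ->  prints ok | missing | conflict
# Values are compared as whole strings. "conflict" means KEY appears at
# least once with a value other than WANT and needs a manual look.
check_param() (
    set -f                          # split on whitespace without globbing
    state=missing
    for tok in $1; do
        case $tok in
            "$2="*)
                if [ "${tok#*=}" != "$3" ]; then
                    state=conflict
                elif [ "$state" = missing ]; then
                    state=ok
                fi ;;
        esac
    done
    printf '%s\n' "$state"
)

# audit CMDLINE  ->  one report line per option; exit status 1 if any fails
audit() (
    rc=0
    for want in lockdown=confidentiality efi=disable_early_pci_dma \
                init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1; do
        s=$(check_param "$1" "${want%%=*}" "${want#*=}")
        printf '%-28s %s\n' "$want" "$s"
        [ "$s" = ok ] || rc=1
    done
    # The post lists intel_iommu=on "or" amd_iommu=on: either one passes.
    i=$(check_param "$1" intel_iommu on)
    a=$(check_param "$1" amd_iommu on)
    if [ "$i" = ok ] || [ "$a" = ok ]; then s=ok; else s="intel:$i amd:$a"; rc=1; fi
    printf '%-28s %s\n' "intel_iommu|amd_iommu=on" "$s"
    exit "$rc"
)

# Constructed sample: init_on_free is set to 0, so the audit flags it.
SAMPLE_CMDLINE='root=/dev/sda1 ro lockdown=confidentiality intel_iommu=on efi=disable_early_pci_dma init_on_alloc=1 init_on_free=0 page_alloc.shuffle=1'
audit "$SAMPLE_CMDLINE" || echo "result: at least one option is missing or conflicting"
```

On a running Linux system, pass the live command line with `audit "$(cat /proc/cmdline)"`.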

