HardenedBSD December 2021 Status Report

It has been a busy December! I worked on 14-CURRENT/arm64 support. HardenedBSD now builds (nearly) all of world (both libraries and applications) with Link-Time Optimization (LTO). We now have two ThunderX1 systems. Over the past few months, FreeBSD introduced one or more commits that is causing the ThunderX1 system we use for package builds to fail to boot. Oddly, the other ThunderX1 server (used for arm64 development, rather than package builds) boots just fine. I've been working on tracking down which commit(s) are the culprit, but doing so takes time.

FreeBSD also landed a proper VDSO implementation. However, the implementation lacks ASLR support. Due to scheduling issues, I've reverted the VDSO-related commits until I have a solid weekend to hack on it, applying our PaX-inspired ASLR implementation to it. I hope to have that time mid-January or early February.

I narrowed down a few more issues in ports related to our switch to a more complete LLVM compiler toolchain. There are still a large number of ports to fix, which stands as a testament that the development community relies heavily on a GNU-based toolchain. Ideally, projects shouldn't care what toolchain is being used.

Loic landed ClonOS support in the HardenedBSD ports tree. He also helped address more LLVM toolchain fallout. I have a number of merge requests to review from him. Keep up the good work, Loic!

On Sunday (26 Dec 2021), I plan to work on HardenedBSD financials. I'm a bit late in sending out the typical "would you like to be listed on our donor's page" emails. I hope to also work on a 2022 project roadmap.

HardenedBSD has had a lot of help in 2021. The community's contributions have directly improved HardenedBSD. We received a number of server donations, which enables us to build packages quicker and more reliably. We were able to expand our arm64 support. All donations have gone to support either hardware or the few monthly expenses we have. I am grateful for any contribution, no matter the form it comes in--whether that's advocacy, patch submissions, monetary donations, hardware donations, etc. Your generosity enables the success of this project.