A new amd64 build of the hardened/current/master branch has been uploaded here. In that directory, you'll find a file called HASHES. I've included all the distsets and even the memstick images. You can verify a successful download of your media by validating with that file. I've started a new amd64 package run as of 12:00 EST today.

In two days, I will be headed out to Sofia, Bulgaria with my wife to attend and speak at EuroBSDCon. I will be speaking on Sunday the 28th of September regarding ASLR in FreeBSD/HardenedBSD. My wife and I will arrive a few days early to do tourist stuff and to attend the FreeBSD dev summit. If you're there, feel free to come talk to me. I'm really excited as this will be my first time to Europe and my wife's first time outside the country at all. I've been to Canada a few times, but Canada doesn't really count.

The amd64 package repo based on the hardened/current/master branch is now live! The packages are signed by us. The RSA certificate used for package signing can be found attached to this post and can additionally be found here. The repository can be found here. We will be updating the amd64 repo on a weekly basis.

We've just published a new build, so head on over to the Latest Builds page to check it out. The new build contains a new HardenedBSD-only change (so a change we will not upstream) that adds a sysctl tunable to fully disable mmap(MAP_32BIT) support on amd64. Mappings that reside only in the 32bit address space don't have enough bits to randomize, so disabling this feature entirely removes one more attack vector. Now that pkg 1.3.7 is out, we're building our first pkg repo.