When we first introduced our ASLR patch upstream to FreeBSD, we provided a mechanism via ugidfw for system administrators and users to toggle ASLR and other security features on a per-binary basis. However, this mechanism was more of a hack than a production-ready solution. We have been hard at work to rearchitect a new production-ready implementation. We designed an application that we like to call secadm, short for Security Administration. This application will serve as the basis for advanced administration of the security features we implement in HardenedBSD. Read on for the full release announcement.

Our website and its database server will be undergoing routine maintenance this weekend. Please expect some downtime. Our build server will still be up if you need to grab builds. Thank you for your patience.

HardenedBSD is growing, thanks to our donors. We've built a new server and thanks to a generous donation, we have a hosted second server. One server is generating nightly builds (our Jenkins instance) and the other is a development workhorse and is responsible for our package building. Our old server took 3.5 hours to do a buildworld+buildkernel just for amd64 and around 75-80 hours for a package build for amd64. Our new server takes 3.5 hours to do a buildworld+buildkernel+release for amd64, i386. and beaglebone black and does a package build in around 50 hours. The core team and the developers at HardenedBSD would like to thank all who have donated (and those who will donate in the future). Read on to learn our plans for our package repos.

We're working hard to bring the FreeBSD community (and the Internet community as a whole) many security enhancements. We're looking to build an automated infrastructure along with providing our developers a system to do dedicated development on. We're paying everything out of pocket and our expenses are quite high, even as a new project. As such, we've started a crowdfunding campaign on Indiegogo for a dedicated development server.

A new amd64 build of the hardened/current/master branch has been uploaded here. In that directory, you'll find a file called HASHES. I've included all the distsets and even the memstick images. You can verify a successful download of your media by validating with that file. I've started a new amd64 package run as of 12:00 EST today.