This status report pertains to both July and August 2025. It has been a busy summer here in Colorado. We will conclude this report with a discussion on FreeBSD's 15.0 release engineering cycle and its impact on HardenedBSD.| hardenedbsd.org
Due to scheduling conflicts, I didn't get the May 2025 status report out. This status report will cover both May and June 2025. A large portion of both May and June was spent on two things: pkgbase and the build infrastructure. FreeBSD has been working on providing packages for the base OS for a few years now and they're getting close to launching it experimentally. Their goal is to release FreeBSD 15.0 with support for packaged base. I updated our build scripts to also create a pkgbase repo ...| HardenedBSD
March was a busy month for the project with regard to the infrastructure. We saw some commits to src and ports, but development was pretty quiet overall. On 12 March 2025, we drastically expanded power capacity in the server room, adding two new 20 amp circuits. The electrician also prepared for an eventual mini-split HVAC unit that we hope to requisition in the next year or two. Due to the electrical work, we skipped performing package builds for March. We'll resume our regular package buil...| HardenedBSD
This status report includes January, since I missed publishing January's report. The last couple months have been busy, with progress being made on multiple fronts. In the src tree: PaX SEGVGUARD is now integrated with Capsicum. Capsicum violations now count against the process when the kern.trap_enotcap sysctl tunable is set. This feature was inspired by conversations with alip from Syd Linux. A new sysctl tunable (hardening.elf_pie_only) was created to control whether non-PIE ELF executable...| HardenedBSD
December was a delightfully relatively busy month for HardenedBSD. I started research on mitigating SROP due to a discussion with one of the Syd Linux developers. While I don't have an implementation just yet, I've started research on that. I created a private fork of the HardenedBSD src tree meant for collaborating with Aymeric Wibo on completing the BATMAN-adv mesh networking support. The idea here is to use the private fork to first separate the GPL bits into ports entries. The bits of cod...| HardenedBSD
This month saw a few improvements in HardenedBSD's source tree. We can now boot to multi-user on the StarFive VisionFive2 riscv64 SBC dev boards. They use a 39-bit address space, so we had to tune down our ASLR deltas for this board as if we were operating on a 32-bit architecture. This is obviously far from optimal, but it's what we have. Changes to the src tree: Ensure libhbsdcontrol operates only on regular files. Ensure hbsdcontrol does not follow symlinks by default. Provide an option to...| HardenedBSD
September was rather busy for me, so I didn't get the monthly status report out. So this status report covers both September and October 2024. We received a donation of four devices from Protectli. These devices will help us research and develop a censorship- and surveillance-resistant mesh network. More information can be found here. In the source tree: Specifying a NULL environment variable in execve is now prohibited. This helps address ROP payloads that simply pass NULL as the envp. The h...| HardenedBSD
The HardenedBSD Foundation is happy to announce a donation from the folks over at Protectli. Protectli is an open source firewall appliance company. This is their second donation to the HardenedBSD Foundation to date. This donation is for a specific project: the development of a censorship- and surveillance-resistant mesh network. Protectli donated four FW4B devices. These devices will help us research and develop a prototype network, with the end goal being wider deployment once the initial ...| HardenedBSD
This month was focused on ${LIFE} for me. One of our two dogs, Darth Vader, had a planned surgery that ended up being more intensive than originally anticipated. Just today (03 Sep 2024), he got a good bill of health from the veterinarian. He still can't use our doggy door to the backyard, but is a healthy good boy otherwise. :-)| hardenedbsd.org
April was a busy month! There's a lot to get into, so here we go.| hardenedbsd.org
April was busy from an administrative perspective, with me working to get the Foundation and the Project ready to move to Colorado. We have around 90% of what we need to file as a not-for-profit, tax-exempt charitable organization in Colorado. We're hoping to file by the end of 05 May 2023.| hardenedbsd.org