> At least i386, amd64, macppc, sparc64, hppa, and loongson
> are supported. Hopefully the others are not far behind.
Oh someone will ask how to verify this is working correctly. Well, you can't really tell. The following kernel diff will let you know that the propolice cookie has come from data supplied early on by the bootblocks, otherwise it has to replace it: Index: init_main.c =================================================================== RCS file: /cvs/src/sys/kern/init_main.c,v retrieving revision 1.196 diff -u -p -u -r1.196 init_main.c --- init_main.c 28 Dec 2013 20:52:48 -0000 1.196 +++ init_main.c 28 Dec 2013 22:55:27 -0000 @@ -412,11 +409,13 @@ main(void *framep) #endif #if !defined(NO_PROPOLICE) + printf("original %lx\n", __guard_local); if (__guard_local == 0) { volatile long newguard; arc4random_buf((void *)&newguard, sizeof newguard); __guard_local = newguard; + printf("new %lx\n", __guard_local); } #endif This might help someone add support to a missing architecture; it is a good hint anyways.
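Review bot: both added printf calls in the NO_PROPOLICE block of main() write the actual value of __guard_local to the kernel console, so the cookie that is supposed to stay secret ends up in the boot messages; this is fine as a throwaway debugging aid but should not be committed in this form. To verify that the bootblocks supplied the data, it is enough to report whether the value was nonzero on entry, for example by printing a fixed string in the `if (__guard_local == 0)` branch and a different one otherwise, without the `%lx` argument. The first printf could also say explicitly that a value of 0 means the fallback arc4random_buf() path will be taken, since that is the condition a porter to a missing architecture is looking for.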