> At least i386, amd64, macppc, sparc64, hppa, and loongson
> are supported. Hopefully the others are not far behind.
Oh someone will ask how to verify this is working correctly. Well,
you can't really tell.
The following kernel diff will let you know that the propolice cookie
has come from data supplied early on by the bootblocks, otherwise it
has to replace it:
Index: init_main.c
===================================================================
RCS file: /cvs/src/sys/kern/init_main.c,v
retrieving revision 1.196
diff -u -p -u -r1.196 init_main.c
--- init_main.c 28 Dec 2013 20:52:48 -0000 1.196
+++ init_main.c 28 Dec 2013 22:55:27 -0000
@@ -412,11 +409,13 @@ main(void *framep)
#endif
#if !defined(NO_PROPOLICE)
+ printf("original %lx\n", __guard_local);
if (__guard_local == 0) {
volatile long newguard;
arc4random_buf((void *)&newguard, sizeof newguard);
__guard_local = newguard;
+ printf("new %lx\n", __guard_local);
}
#endif
This might help someone add support to a missing architecture; it
is a good hint anyways.
