File:  [NetBSD Developer Wiki] / wikisrc / security / kaslr.mdwn
Revision 1.1
Thu Aug 2 17:24:41 2018 UTC (2 years, 7 months ago) by maxv
Branches: MAIN
CVS tags: HEAD
Add a KASLR howto. Not much to say, but it needs to be officially said
somewhere. I'll perhaps add a nude or two to enlighten if there is some

[[!meta title="Using KASLR"]]

NetBSD supports Kernel ASLR (KASLR) on 64-bit x86 CPUs (amd64), starting from
NetBSD 9.0.


Install the prekern:

[[!template id=programlisting text="""
# cp /usr/mdec/prekern /
"""]]

Obtain a GENERIC_KASLR kernel. It can either be downloaded from the NetBSD
FTP server, for example from:

[[!template id=programlisting text="""
"""]]

Or compiled from scratch, using:

[[!template id=programlisting text="""
# cd /usr/src
# ./build.sh kernel=GENERIC_KASLR
"""]]

Install this KASLR kernel:

[[!template id=programlisting text="""
# cp /path/to/your/kernel /netbsd_kaslr
"""]]

Finally, add the following line to the `/boot.cfg` file:

[[!template id=filecontent name="/boot.cfg" text="""
menu=Boot KASLR:rndseed /var/db/entropy-file;pkboot netbsd_kaslr
"""]]

Now the installation is complete.
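
A check to run before rebooting, as an added example that is not part of the NetBSD wiki page: it confirms that `/prekern`, the kernel named by `pkboot`, and the file named by `rndseed` all exist. The function names `check_kaslr` and `make_sample_root` are made up for this example, and it assumes every path named in `/boot.cfg` sits on one root filesystem.

```sh
#!/bin/sh
# Added example (not from the NetBSD wiki): audit the KASLR boot setup.
# Assumes every path named in boot.cfg lives on the filesystem under ROOT.

# check_kaslr [ROOT]: return 0 if ROOT holds the prekern, a boot.cfg menu
# entry that calls pkboot, and the files that entry's commands name.
check_kaslr() {
    root=${1:-/}
    [ -f "$root/boot.cfg" ] || { echo "missing: /boot.cfg"; return 1; }
    # Entry format: menu=<label>:<cmd>;<cmd>...  Keep the command list of
    # each entry that mentions pkboot and put one command per line.
    sed -n 's/^menu=[^:]*:\(.*\)$/\1/p' "$root/boot.cfg" |
    grep pkboot | tr ';' '\n' | (
        rc=0 seen=0
        [ -f "$root/prekern" ] || { echo "missing: /prekern"; rc=1; }
        while read -r cmd arg rest; do
            case $cmd in
                pkboot) seen=1 ;;   # argument is the KASLR kernel
                rndseed) ;;         # argument is the entropy file
                *) continue ;;
            esac
            [ -f "$root/${arg#/}" ] || { echo "$cmd: missing /${arg#/}"; rc=1; }
        done
        [ "$seen" -eq 1 ] || { echo "no pkboot entry in /boot.cfg"; rc=1; }
        exit "$rc"
    )
}

# make_sample_root DIR: build a constructed tree that mirrors the howto,
# with empty placeholder files, so the check can be tried without a reboot.
make_sample_root() {
    mkdir -p "$1/var/db"
    : > "$1/prekern"; : > "$1/netbsd_kaslr"; : > "$1/var/db/entropy-file"
    echo 'menu=Boot KASLR:rndseed /var/db/entropy-file;pkboot netbsd_kaslr' \
        > "$1/boot.cfg"
}
```

Source the file and run `check_kaslr /` on the installed system, or pass the mount point of another root filesystem.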


To use KASLR, just choose the "Boot KASLR" option in the menu at boot
time. That's it!

Technical Resources

* Kernel ASLR on amd64
* The strongest KASLR, ever?
