Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - R index
The Linux kernel configuration item CONFIG_RANDOMIZE_BASE has multiple definitions:
arch/x86/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
CONFIG_RELOCATABLEIn support of Kernel Address Space Layout Randomization (KASLR), this randomizes the physical address at which the kernel image is decompressed and the virtual address where the kernel image is mapped, as a security feature that deters exploit attempts relying on knowledge of the location of kernel code internals.
On 64-bit, the kernel physical and virtual addresses are randomized separately. The physical address will be anywhere between 16MB and the top of physical memory (up to 64TB). The virtual address will be randomized from 16MB up to 1GB (9 bits of entropy). Note that this also reduces the memory space available to kernel modules from 1.5GB to 1GB.
On 32-bit, the kernel physical and virtual addresses are randomized together. They will be randomized from 16MB up to 512MB (8 bits of entropy).
Entropy is generated using the RDRAND instruction if it is supported. If RDTSC is supported, its value is mixed into the entropy pool as well. If neither RDRAND nor RDTSC are supported, then entropy is read from the i8254 timer. The usable entropy is limited by the kernel being built using 2GB addressing, and that PHYSICAL_ALIGN must be at a minimum of 2MB. As a result, only 10 bits of entropy are theoretically possible, but the implementations are further limited due to memory layouts.
If unsure, say Y.
arch/s390/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
(none)In support of Kernel Address Space Layout Randomization (KASLR), this randomizes the address at which the kernel image is loaded, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.
arch/loongarch/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
CONFIG_RELOCATABLERandomizes the physical and virtual address at which the kernel image is loaded, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.
The kernel will be offset by up to RANDOMIZE_BASE_MAX_OFFSET.
If unsure, say N.
arch/riscv/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
CONFIG_MMU && CONFIG_64BIT && ! CONFIG_XIP_KERNELRandomizes the virtual address at which the kernel image is loaded, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.
It is the bootloader's job to provide entropy, by passing a random u64 value in /chosen/kaslr-seed at kernel entry.
When booting via the UEFI stub, it will invoke the firmware's EFI_RNG_PROTOCOL implementation (if available) to supply entropy to the kernel proper. In addition, it will randomise the physical location of the kernel Image as well.
If unsure, say N.
arch/powerpc/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
( CONFIG_PPC_85xx && CONFIG_FLATMEM ) && ( CONFIG_RELOCATABLE )Randomizes the virtual address at which the kernel image is loaded, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.
If unsure, say Y.
arch/mips/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
CONFIG_RELOCATABLERandomizes the physical and virtual address at which the kernel image is loaded, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.
Entropy is generated using any coprocessor 0 registers available.
The kernel will be offset by up to RANDOMIZE_BASE_MAX_OFFSET.
If unsure, say N.
arch/arm64/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
(none)Randomizes the virtual address at which the kernel image is loaded, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.
It is the bootloader's job to provide entropy, by passing a random u64 value in /chosen/kaslr-seed at kernel entry.
When booting via the UEFI stub, it will invoke the firmware's EFI_RNG_PROTOCOL implementation (if available) to supply entropy to the kernel proper. In addition, it will randomise the physical location of the kernel Image as well.
If unsure, say N.
arch/x86/KconfigThe configuration item CONFIG_RANDOMIZE_BASE:
CONFIG_RELOCATABLERandomizes the physical and virtual address at which the kernel image is decompressed, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.
Entropy is generated using the RDRAND instruction if it is supported. If RDTSC is supported, it is used as well. If neither RDRAND nor RDTSC are supported, then randomness is read from the i8254 timer.
The kernel will be offset by up to RANDOMIZE_BASE_MAX_OFFSET, and aligned according to PHYSICAL_ALIGN. Since the kernel is built using 2GiB addressing, and PHYSICAL_ALGIN must be at a minimum of 2MiB, only 10 bits of entropy is theoretically possible. At best, due to page table layouts, 64-bit can use 9 bits of entropy and 32-bit uses 8 bits.
If unsure, say N.
Raw data from LKDDb:
(none)This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).
The data is retrived from:
 
  Popular queries:
Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - R index
Automatically generated (in year 2025). See also LKDDb sources on GitLab