| security.7 (ea6020830c8f88e2b844ae9700c8ef58fbb51c75) | security.7 (17edf152e556ec1bcbcdce2d34e1f1612f198d1e) |
|---|---|
| 1.\" Copyright (C) 1998 Matthew Dillon. All rights reserved. 2.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. 3.\" 4.\" Parts of this documentation were written by 5.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship 6.\" from the FreeBSD Foundation. 7.\" 8.\" Redistribution and use in source and binary forms, with or without --- 14 unchanged lines hidden (view full) --- 23.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27.\" SUCH DAMAGE. 28.\" 29.\" $FreeBSD$ 30.\" | 1.\" Copyright (C) 1998 Matthew Dillon. All rights reserved. 2.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. 3.\" 4.\" Parts of this documentation were written by 5.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship 6.\" from the FreeBSD Foundation. 7.\" 8.\" Redistribution and use in source and binary forms, with or without --- 14 unchanged lines hidden (view full) --- 23.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27.\" SUCH DAMAGE. 28.\" 29.\" $FreeBSD$ 30.\" |
| 31.Dd May 16, 2020 | 31.Dd June 11, 2020 |
| 32.Dt SECURITY 7 33.Os 34.Sh NAME 35.Nm security 36.Nd introduction to security under FreeBSD 37.Sh DESCRIPTION 38Security is a function that begins and ends with the system administrator. 39While all --- 995 unchanged lines hidden (view full) --- 1035Controls the mitigation of L1 Terminal Fault in bhyve hypervisor. 1036.It Dv vm.pmap.allow_2m_x_ept 1037amd64. 1038Allows the use of superpages for executable mappings under the EPT 1039page table format used by hypervisors on Intel CPUs to map the guest 1040physical address space to machine physical memory. 1041May be disabled to work around a CPU Erratum called 1042Machine Check Error Avoidance on Page Size Change. | 32.Dt SECURITY 7 33.Os 34.Sh NAME 35.Nm security 36.Nd introduction to security under FreeBSD 37.Sh DESCRIPTION 38Security is a function that begins and ends with the system administrator. 39While all --- 995 unchanged lines hidden (view full) --- 1035Controls the mitigation of L1 Terminal Fault in bhyve hypervisor. 1036.It Dv vm.pmap.allow_2m_x_ept 1037amd64. 1038Allows the use of superpages for executable mappings under the EPT 1039page table format used by hypervisors on Intel CPUs to map the guest 1040physical address space to machine physical memory. 1041May be disabled to work around a CPU Erratum called 1042Machine Check Error Avoidance on Page Size Change. |
| 1043.It Dv machdep.mitigations.rngds.enable 1044amd64 and i386. 1045Controls mitigation of Special Register Buffer Data Sampling versus 1046optimization of the MCU access. 1047When set to zero, the mitigation is disabled, and the RDSEED and RDRAND 1048instructions do not incur serialization overhead for shared buffer accesses, 1049and do not serialize off-core memory accessses. |
|
| 1043.It Dv kern.elf32.aslr.enable 1044Controls system-global Address Space Layout Randomization (ASLR) for 1045normal non-PIE (Position Independent Executable) 32bit binaries. 1046See also 1047.Xr proccontrol 1 1048mode 1049.Dv aslr , 1050also affected by the per-image control note flag. --- 52 unchanged lines hidden --- | 1050.It Dv kern.elf32.aslr.enable 1051Controls system-global Address Space Layout Randomization (ASLR) for 1052normal non-PIE (Position Independent Executable) 32bit binaries. 1053See also 1054.Xr proccontrol 1 1055mode 1056.Dv aslr , 1057also affected by the per-image control note flag. --- 52 unchanged lines hidden --- |