From 0df8cf7b5210ff2df37f9e435f13439a67a22d55 Mon Sep 17 00:00:00 2001
From: Shawn Webb <shawn.webb@hardenedbsd.org>
Date: Tue, 8 Jun 2021 12:15:43 -0400
Subject: [PATCH] Provide some updates

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
---
 Home.md | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/Home.md b/Home.md
index cf76e8f..4f50f81 100644
--- a/Home.md
+++ b/Home.md
@@ -63,6 +63,8 @@ HardenedBSD has successfully implemented the following features:
 1. Non-Cross-DSO CFI in base
 1. Non-Cross-DSO CFI available in ports
 1. Retpoline applied to base and ports
+1. Variable auto-init applied to base and ports
+1. Link-Time Optimizations (LTO) applied to both apps and libs
 
 # Generic Kernel Options
 
@@ -205,6 +207,11 @@ When a process forks, the child process inherits its parent's ASLR
 settings, including deltas. Only at image activation (execve) time
 does a process receive new deltas.
 
+To thwart heap spray attacks, HardenedBSD randomizes per-thread
+stacks. Effectively, every call to `mmap(MAP_STACK)` gets randomized.
+Per-thread stack randomization can be disabled on a per-process basis
+by toggling ASLR for that process.
+
 ## Position-Independent Executables (PIEs)
 
 In order to make full use of ASLR, applications must be compiled as
@@ -421,13 +428,12 @@ yet. Cross-DSO CFI would allow functions resolved through
 `dlopen(3)`/`dlsym(3)` to work since CFI would be able to be applied
 between Dynamic Shared Object (DSO) boundaries. Significant progress
 has been made in the first half of 2018 with regards to Cross-DSO CFI.
-The base operating system can be fully compiled with Cross-DSO CFI. On
-16 Jul 2018, a pre-alpha
-[Call For
-Testing](https://hardenedbsd.org/article/shawn-webb/2018-07-16/preliminary-call-testing-cross-dso-cfi)
-was released for wider initial testing. The HardenedBSD core
-development team hopes to launch Cross-DSO CFI in base within the
-latter half of 2019.
+
+The Cross-DSO CFI work was paused in 2019 and 2020. Work has resumed
+in 2021, starting with applying LTO to libraries (in addition to the
+LTO already applied to apps). When built with Cross-DSO CFI, some
+applications, like the ZFS tools, crash. Work is ongoing to determine
+the cause of the crashes and fix them.
 
 # hbsdcontrol
 
@@ -687,4 +693,4 @@ Thus, generating a diff between the two configuration files would result in:
  baseurl="http://updates.hardenedbsd.org/pub/HardenedBSD/updates/${branch}/$(uname -m)"
 ```
 
-[back to top](https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/wikis/home#)
\ No newline at end of file
+[back to top](https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/wikis/home#)