In a joint announcement with SmartOS and OmniOSce, we are pleased to call for testing the illumos KPTI implementation by Alex Wilson, John Levon, and Robert Mustacchi at Joyent; read the full story at https://blog.cooperi.net/a-long-two-months.
Our contribution to this testing phase consists of Live Install images (GUI and Minimal Text) as well as an IPS repository containing a KPTI-enabled build of illumos-gate.
The GIT branch used for building illumos-gate is located at: https://github.com/alarcher/illumos-gate/tree/kpti
- Pre-KPTI patches from illumos-joyent for 9209, 9210, 9211, and 9215: http://cr.illumos.org/~webrev/jlevon/kpti-prep/
- Joyent’s KPTI patches from the kpti-squash branch at: https://github.com/rmustacc/illumos-gate/tree/kpti-squash
applied on top of illumos-gate as of 20180301.
The resources are available at http://dlc-int.openindiana.org/users/aurelien/kpti/.
The Live Media and Minimal Text Install images contained in this directory were generated on 20180302 from the KPTI branch and the main OpenIndiana Hipster repository.
They are available as ISO and USB images.
Additionally, the repository located at:
can be used to update the kernel to a new Boot Environment (BE) of an existing installation:
# beadm create kpti
# beadm mount kpti
Now assuming that the mountpoint is /path/to/be, the publisher should be added and set as preferred prior to the update:
# pkg -R /path/to/be set-publisher -P -O http://pkg.openindiana.org/kpti illumos-kpti
# pkg -R /path/to/be set-publisher --non-sticky openindiana.org
# pkg -R /path/to/be update -v
Finally, activate the BE and reboot:
# beadm activate kpti
# init 6
The repository is also provided as a p5p archive in the same directory.
For any feedback regarding this material, reach us at openindiana-discuss AT openindiana DOT org.
Find below the message posted by John Levon to the developer mailing-lists of illumos and of the distributions:
Hi all, please see below for test images for the various distributions.
These images include the KPTI (and PCID) work done by Joyent up to the current kpti-squash branch.
They are non-DEBUG except as noted. As before, any and all testing is useful, especially with “weird” things like LDT-using code, older machines, etc.
Thanks to Aurélien Larcher and Andy Fiddaman for building the OI and OmniOS images below.
# pkg update pkg
# pkg apply-hot-fix –be-name=kpti https://downloads.omniosce.org/pkg/bloody/kpti.p5p
# init 6
or for DEBUG bits:
# pkg apply-hot-fix –be-name=kpti https://downloads.omniosce.org/pkg/bloody/kpti-DEBUG.p5p