I’m running self compiled hardened kernel and I enabled kernel lockdown mode. Before that it was disabled. Maybe Arch team disabled it.
Now I’ve installed it and Librewolf works nornally. Is that normal or is malloc not working or is Librewolf compiled with hardened malloc?
I’ve heard about googerteller and I never thought someone will use it (except to try it)
Thank you for the list! Do you maybe know where can I find explanations what does each option do? I know only half of them and I already use some of them.
Actually it’s not (but it was) a fork of OpenBSD’s allocator, but rewrite of a fork. They wanted too much changes so they decided to rewrite it from scratch.
That would be too big performance hit
I will try hardened_malloc, I already use it on my phone. I have GrapheneOS.
On laptop with Ryzen 5 5500U (12 threads) it takes 50 minutes and on desktop with Ryzen 7 3700X (16 threads) it takes 20 minutes. I use all threads to compile the kernel.
It compiles way waster with Gentoo, because it has minimal config. I used the default config from Arch repos and modified it. It’s full of unneeded drivers, but I’m scared of disabling them. I already disabled wrong drivers a few times and had to use different kernel to boot.
I will try it out, thank you :)
Sorry, I read to fast, I ment Japan
deleted by creator
Yep, just one stick. Now everything works like it should!
Thank you for your help!
XMP is somekind of overclocking, but I disabled it.
Its not only one bit flip but at leats two (in a single byte), I figured out using addresses in the errors.
I was also scared that it’s the cpu, because it was the most expensive part when I build the PC. Thankfully I think it’s not, now I’m running memtest again with no errors without one ram stick.
I disabled XMP (overclocking, but not really) and still errors. I removed one stick and the test is currently on 35% with no errors (thats new record). I will also try with other one to confirm its defective. Thank you :)
Medicat is like a Ventoy (USB that can have multiple iso files).
Now I disabled XMP (makes ram faster) and ran test again and still errors. I noticed that all errors give same mesaage: expected “address”, actual “wrong address” and wrong address is the same as expected address but 1 byte different. For example expected is FFFFFFF7, actual is FFFDFFF7. And this error is always on CPU core 6.
I have 2x 16gb of ram, so I will try test again with only one stick and then with other one.
I’m already doing that! I have html templates using Tera and css using TailwindCSS.
Thank you! I made my own static site generator and ony missing thing was nice theme. PaperMod is beautiful, thank you!
Try uninstalling packages that are not required anymore: sudo pacman -c
Thank you very much for this detailed explanation! Looks like kptr and kexec are already disabled and enabled randomized virtual memory address in the hardened kernel. I will check for ebpf. Security certs seem interesting, I will defenetly look into them.