Hi,
the last publicly available version of PaX / grsecurity will probably
never be ported to work with the Meltdown / Spectre fixes.
The only option is to use minipli's last release (4.9.74) and port all
non-spectre related fixes from upstream's 4.9 branch [1] to it. However
you should only run such a kernel on CPUs not affected by Meltdown /
Spectre, such as the Raspberry Pi or Intel's Atom (the in-order ones
codenamed "Bonnell") [2].
Bear in mind that upstream is porting fixes from PaX to mainline, albeit
at a slow pace. I've rebased the last pax-only patch on 4.9.74 but
decided for myself that it's not worth maintaining a 4.9 fork.
Cheers,
Philipp
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/?h=linux-4.9.y
[2] https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors

On 02.09.2018 22:39, Ren Nyo wrote:
> In minipli's GitHub branch, in the issues, someone ported changes up to
> 4.9.105. However, without Spectre and Meltdown fixes. You should write
> to the grsecurity team about a personal license. If they receive many
> letters, maybe they will make such a license available.
>
> On Sun, 2 Sep 2018 at 11:43, Alex Efros <powerman@powerman.name> wrote:
>
>> Hi!
>>
>> On Sat, Apr 14, 2018 at 12:33:55AM +0000, Ren Nyo wrote:
>>> I contacted minipli, and he said that unofficial grsecurity kernel is
>>> frozen. So we should not wait for him to port KPTI and Meltdown.
>>
>> Looks like there is no progress so far. :(
>>
>> Are there any other options for getting a kernel newer than 4.9.74 with
>> GrSecurity/PaX for personal use, or is it now available only for a high
>> price, i.e. enterprise-only?
>>
>> --
>> WBR, Alex.