I've seen this mentioned in a few videos but I didn't find an issue on it, and I thought it might be good to make one to track the progress here. Making the layout less predictable would not help with making the kernel more secure, but harder to exploit if such a vulnerability is found, so this is probably not of any real importance until people actually start using this as their everyday operating system and it might be targeted in such a way.
One of the harder problems is finding an entropy source that early in the boot. Maybe there could be support for RDRAND when the hardware supports it? (This is testable in qemu with -kvm -cpu host if your host has it and requires setting no bits to enable)
I think a rough outline of things one would like to do is something like this:
I guess a 64 bit switch also could be considered. 64 bits is not so relevant for the extra virtual address space (the important part is having any randomization at all, not lots), but rather for the pc-relative addressing, but that's not that big of a deal as your C++ compiler will insert a get_pc_thunk into your code here and there.
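The RDRAND idea above, sketched as an added example that is not part of the original issue or of the project's code: detect the instruction through CPUID, read it with a bounded retry, and map the result to an aligned load offset. The function names, the 1 GiB window and the 2 MiB alignment are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#else
#define ON_X86 0
#endif

/* RDRAND support is reported in CPUID leaf 1, ECX bit 30. */
static int cpu_has_rdrand(void) {
#if ON_X86
    unsigned int a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) return (c >> 30) & 1;
#endif
    return 0;
}

/* RDRAND clears CF when no value is ready, so retry a bounded number of times. */
static int rdrand_word(uintptr_t *out) {
#if ON_X86
    for (int tries = 0; tries < 10; tries++) {
        uintptr_t v; unsigned char ok;
        __asm__ volatile("rdrand %0; setc %1" : "=r"(v), "=qm"(ok) : : "cc");
        if (ok) { *out = v; return 1; }
    }
#endif
    (void)out;
    return 0;
}

/* Map entropy to an offset in [0, window) that is a multiple of align.
   Hypothetical parameters: align a power of two, window a multiple of it.
   Returns 0 (no slide) when the parameters are invalid. */
static uint64_t kaslr_slide(uint64_t entropy, uint64_t window, uint64_t align) {
    if (!align || (align & (align - 1)) || window < align || window % align)
        return 0;
    return (entropy % (window / align)) * align;
}

/* *randomized tells the caller whether hardware entropy was actually used,
   so a fixed layout is never mistaken for a randomized one. */
static uint64_t choose_slide(uint64_t window, uint64_t align, int *randomized) {
    uintptr_t r = 0;
    *randomized = cpu_has_rdrand() && rdrand_word(&r);
    return *randomized ? kaslr_slide(r, window, align) : 0;
}

int main(void) {
    int used;
    uint64_t slide = choose_slide(1ull << 30, 2ull << 20, &used);
    printf("rdrand=%d slide=0x%llx\n", used, (unsigned long long)slide);
    return 0;
}
```

When `used` comes back 0 the slide is 0, which is the point at which a kernel would have to mix in some other early-boot source instead.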