Index: kerberos5/tools/asn1_compile/Makefile
===================================================================
--- kerberos5/tools/asn1_compile/Makefile
+++ kerberos5/tools/asn1_compile/Makefile
@@ -6,6 +6,7 @@
 LIBADD=	vers
 LDADD=	${LIBROKEN_A}
 DPADD=	${LIBROKEN_A}
+MK_PIE:=	no
 
 SRCS=	\
 	asn1parse.y \
Index: kerberos5/tools/slc/Makefile
===================================================================
--- kerberos5/tools/slc/Makefile
+++ kerberos5/tools/slc/Makefile
@@ -6,6 +6,7 @@
 LDADD=  ${LIBROKEN_A}
 DPADD=  ${LIBROKEN_A}
 MAN=
+MK_PIE:=	no
 
 SRCS=	roken.h \
 	slc-gram.y \
Index: share/mk/bsd.lib.mk
===================================================================
--- share/mk/bsd.lib.mk
+++ share/mk/bsd.lib.mk
@@ -69,10 +69,22 @@
 TAG_ARGS=	-T ${TAGS:[*]:S/ /,/g}
 .endif
 
+.if !defined(PICFLAG)
+.if ${MACHINE_CPUARCH} == "sparc64"
+PICFLAG=-fPIC
+.else
+PICFLAG=-fpic
+.endif
+.endif
+
 # ELF hardening knobs
 .if ${MK_BIND_NOW} != "no"
 LDFLAGS+= -Wl,-znow
 .endif
+.if ${MK_PIE} != "no" && (defined (INTERNALLIB) || defined (PRIVATELIB))
+CFLAGS+= ${PICFLAG}
+CXXFLAGS+= ${PICFLAG}
+.endif
 .if ${MK_RETPOLINE} != "no"
 CFLAGS+= -mretpoline
 CXXFLAGS+= -mretpoline
@@ -93,14 +105,6 @@
 # .nossppico used for NOSSP PIC object files
 .SUFFIXES: .out .o .bc .ll .po .pico .nossppico .S .asm .s .c .cc .cpp .cxx .C .f .y .l .ln
 
-.if !defined(PICFLAG)
-.if ${MACHINE_CPUARCH} == "sparc64"
-PICFLAG=-fPIC
-.else
-PICFLAG=-fpic
-.endif
-.endif
-
 PO_FLAG=-pg
 
 .c.po:
Index: share/mk/bsd.opts.mk
===================================================================
--- share/mk/bsd.opts.mk
+++ share/mk/bsd.opts.mk
@@ -72,6 +72,7 @@
     CCACHE_BUILD \
     CTF \
     INSTALL_AS_USER \
+    PIE \
     RETPOLINE \
     SSP \
     STALE_STAGED
Index: share/mk/bsd.prog.mk
===================================================================
--- share/mk/bsd.prog.mk
+++ share/mk/bsd.prog.mk
@@ -41,8 +41,15 @@
 .if ${MK_RETPOLINE} != "no"
 CFLAGS+= -mretpoline
 CXXFLAGS+= -mretpoline
-# retpolineplt is broken with static linking (PR 233336)
+.endif
+# Some ELF hardening options currently do not work with static linking
 .if !defined(NO_SHARED) || ${NO_SHARED} == "no" || ${NO_SHARED} == "NO"
+.if ${MK_PIE} != "no"
+CFLAGS+= -fPIE
+CXXFLAGS+= -fPIE
+LDFLAGS+= -pie
+.endif
+.if ${MK_RETPOLINE} != "no" # PR 233336
 LDFLAGS+= -Wl,-zretpolineplt
 .endif
 .endif
Index: stand/i386/Makefile.inc
===================================================================
--- stand/i386/Makefile.inc
+++ stand/i386/Makefile.inc
@@ -7,6 +7,7 @@
 LOADER_ADDRESS?=0x200000
 LDFLAGS+=	-nostdlib
 LDFLAGS.lld+=	-Wl,--no-rosegment
+MK_PIE:=	no
 
 # BTX components
 BTXDIR=		${BOOTOBJ}/i386/btx
Index: tools/build/options/WITHOUT_PIE
===================================================================
--- /dev/null
+++ tools/build/options/WITHOUT_PIE
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Do not build dynamically linked binaries as
+Position-Independent Executable (PIE).
Index: tools/build/options/WITH_PIE
===================================================================
--- /dev/null
+++ tools/build/options/WITH_PIE
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Build dynamically linked binaries as
+Position-Independent Executable (PIE).