Explore a Linux Plumbers Conference talk on Hypervisor-Enforced Kernel Integrity (Heki) for KVM. Delve into advanced kernel protection mechanisms that leverage KVM to implement defenses outside the kernel, offering more robust security against vulnerabilities. Learn about the evolution of the project, including new features such as minimal static configuration, GFN attributes management, dynamic memory protection for kernel mappings, VMM notification, and version management. Gain insights into the challenges of mainlining these changes and the potential for collaboration with contributors and users in the Linux kernel community.
Overview
Syllabus
Hypervisor-Enforced Kernel Integrity (Heki) for KVM - Mickaël Salaün, Mr Madhavan Venkataraman
Taught by
Linux Plumbers Conference
Related Courses
-
Hypervisor-Enforced Kernel Integrity for Linux with KVM
-
Developing a Multithreaded Kernel From Scratch!
-
Evaluating Implementation Options for KVM-based Type 1 and 1.5 Hypervisors
-
Kernel Hardening - Protecting the Protection Mechanisms
-
KVM-devirt - Extending KVM to a Zero-Overhead Partition Hypervisor
-
Hyper-V's Virtual Secure Mode in KVM - Project Update
