[svsm-devel] Kernel security features

Thomas Leroy thomas.leroy at suse.com
Wed Aug 28 15:37:53 CEST 2024


Hi everyone,

I created an issue on the GitHub repo [0] to start tracking down the
security features and hardening we could add to the COCONUT kernel.

The current list currently contains:
- KASLR
- Read-only GDT and IDT
- SMEP and SMAP
- Heap hardening
- Shadow stacks

This is still a draft list, maybe some features can't be implemented yet
or could also be irrelevant, so please feel free to comment on this :)

Thomas

[0] https://github.com/coconut-svsm/svsm/issues/448

-- 
Thomas Leroy
Security Engineer
SUSE Software Solutions


