[svsm-devel] Kernel security features
Jörg Rödel
joro at 8bytes.org
Thu Aug 29 09:02:20 CEST 2024
Hi Thomas,
On Wed, Aug 28, 2024 at 03:37:53PM +0200, Thomas Leroy wrote:
> The current list currently contains:
> - KASLR
> - Read-only GDT and IDT
> - SMEP and SMAP
> - Heap hardening
> - Shadow stacks
Thanks for starting this list, I think this is very relevant. The
project already has the ground-work for KASLR. Making GDT and IDT
read-only should be a low-hanging fruit. SMEP and SMAP are a bit more
work, though also not that complicated.
Shadow stacks is probably the hardest item to implement. What about
KPTI, is that still necessary with recent processors? If we do KPTI then
we also need PCID.
Regards,
Joerg