HackerTrans
TopNewTrendsCommentsPastAskShowJobs

burtness

71 karmajoined 8 jaar geleden

Submissions

Hypervisor-Enforced Kernel Integrity (Heki)

github.com
2 points·by burtness·3 jaar geleden·1 comments

comments

burtness
·6 uur geleden·discuss
the Wayland folks are the X11 folks though
burtness
·15 dagen geleden·discuss
Right-wingers are so reliably sore winners. X is still comfortably the dominant microblogging platform on the internet, Facebook and Youtube happily boost and feed right-wing content and concerns. Tiktok has been brought to heel. ATproto hasn't found a way to encode communism - just like activitypub could be used for Truth Social - the ATmosphere will turn right once the ecosystem is in anyway relevant politically or commercially. But you could always start quatrechan while we wait
burtness
·4 maanden geleden·discuss
It won't because none of the alternative inits are better
burtness
·10 maanden geleden·discuss
*England and Wales
burtness
·vorig jaar·discuss
Man, you really suck
burtness
·2 jaar geleden·discuss
Isn't the problem that the vernacular concepts are what counts and they change depending on time and place?
burtness
·2 jaar geleden·discuss
Buddy, I have some bad news about tobacco and alcohol...
burtness
·2 jaar geleden·discuss
Ah, good ol' Riley's law
burtness
·3 jaar geleden·discuss
No, its an upstream bug being discussed in the debian bug tracker
burtness
·3 jaar geleden·discuss
This is a misreading of the bug. It is from upstream stable kernels before 6.5 that include commit 91562895f803 but not 936e114a245b6[1].

In this case Debian's current process is good - it's kernels track kernel.org stable releases. This debian bug is responsibly flagging "for visibility" that a serious bug has been discussed and fixed upstream.

[1] https://lore.kernel.org/stable/20231205122122.dfhhoaswsfscuh...
burtness
·3 jaar geleden·discuss
Linux Virtualization Based Security (LVBS) is an umbrella term under which we can offer various hypervisor backed kernel protection solutions. This is a common hypervisor agnostic extendable architecture in Linux kernel that can be used by any hypervisor to implement and extend Linux kernel protections. Different hypervisor frameworks (Hyper-V as an example of type-1 hypervisor and KVM as an example of type-2 hypervisor) can plug into the common layer to harden the Linux kernel.

Hypervisor-Enforced Kernel Integrity (Heki):

Heki is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR pinning) and defines a new API to protect guest VMs. It is designed to be merged with the mainline project. It is inspired from other private implementations currently in use (e.g. Windows's Virtual Secure Mode), but our approach is tailored to Linux specificities.
burtness
·3 jaar geleden·discuss
what about purchasing power?
burtness
·3 jaar geleden·discuss
First they came for the Nazis...