HackerTrans
TopNewTrendsCommentsPastAskShowJobs

burtness

71 karmajoined 8 lat temu

Submissions

Hypervisor-Enforced Kernel Integrity (Heki)

github.com
2 points·by burtness·3 lata temu·1 comments

comments

burtness
·6 godzin temu·discuss
the Wayland folks are the X11 folks though
burtness
·15 dni temu·discuss
Right-wingers are so reliably sore winners. X is still comfortably the dominant microblogging platform on the internet, Facebook and Youtube happily boost and feed right-wing content and concerns. Tiktok has been brought to heel. ATproto hasn't found a way to encode communism - just like activitypub could be used for Truth Social - the ATmosphere will turn right once the ecosystem is in anyway relevant politically or commercially. But you could always start quatrechan while we wait
burtness
·4 miesiące temu·discuss
It won't because none of the alternative inits are better
burtness
·10 miesięcy temu·discuss
*England and Wales
burtness
·w zeszłym roku·discuss
Man, you really suck
burtness
·2 lata temu·discuss
Isn't the problem that the vernacular concepts are what counts and they change depending on time and place?
burtness
·2 lata temu·discuss
Buddy, I have some bad news about tobacco and alcohol...
burtness
·2 lata temu·discuss
Ah, good ol' Riley's law
burtness
·3 lata temu·discuss
No, its an upstream bug being discussed in the debian bug tracker
burtness
·3 lata temu·discuss
This is a misreading of the bug. It is from upstream stable kernels before 6.5 that include commit 91562895f803 but not 936e114a245b6[1].

In this case Debian's current process is good - it's kernels track kernel.org stable releases. This debian bug is responsibly flagging "for visibility" that a serious bug has been discussed and fixed upstream.

[1] https://lore.kernel.org/stable/20231205122122.dfhhoaswsfscuh...
burtness
·3 lata temu·discuss
Linux Virtualization Based Security (LVBS) is an umbrella term under which we can offer various hypervisor backed kernel protection solutions. This is a common hypervisor agnostic extendable architecture in Linux kernel that can be used by any hypervisor to implement and extend Linux kernel protections. Different hypervisor frameworks (Hyper-V as an example of type-1 hypervisor and KVM as an example of type-2 hypervisor) can plug into the common layer to harden the Linux kernel.

Hypervisor-Enforced Kernel Integrity (Heki):

Heki is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR pinning) and defines a new API to protect guest VMs. It is designed to be merged with the mainline project. It is inspired from other private implementations currently in use (e.g. Windows's Virtual Secure Mode), but our approach is tailored to Linux specificities.
burtness
·3 lata temu·discuss
what about purchasing power?
burtness
·3 lata temu·discuss
First they came for the Nazis...